[okular] [Bug 482682] New: Digital Signature not referenced in AcroForm

Thu, 07 Mar 2024 02:12:15 -0800 

https://bugs.kde.org/show_bug.cgi?id=482682

            Bug ID: 482682
           Summary: Digital Signature not referenced in AcroForm
    Classification: Applications
           Product: okular
           Version: 23.08.1
          Platform: Debian unstable
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: PDF backend
          Assignee: okular-de...@kde.org
          Reporter: tobias.w...@electrologic.org
  Target Milestone: ---

Created attachment 166560
  --> https://bugs.kde.org/attachment.cgi?id=166560&action=edit
Test document and signed result

SUMMARY

When creating a digital signature with Okular, the signature dictionary is not
referenced in the AcroForm as required by the PDF/A Signature Tech Note [1].
This leads to problems in various signature validation software [2,3,4], namely
that the signature is not found.

[1]
https://pdfa.org/wp-content/uploads/2011/08/tn0006_digital_signatures_in_pdfa-1_2008-03-141.pdf
[2] https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation
[3] https://service.exceet.cloud/signature-check/web
[4] https://sws.firmacerta.it/SignEngineWeb/verifier.xhtml


STEPS TO REPRODUCE
1. Sign a PDF document with Okular
2. Verify with an external verification tool

OBSERVED RESULT
Signature is not found in external verification tools

EXPECTED RESULT
Signature is found and successfully validated

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian unstable
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 5.103.0
Qt Version: 5.15.8
Poppler Version: 22.12.0

ADDITIONAL INFORMATION
The unsigned and signed document are attached for reference.

When inspecting the PDF specifications, the situation is more complicated. 
The used test document is a PDF 1.4 document, so the signature field must be an
interactive form field, meaning it has to be referenced in the AcroForm.
The PDF 1.7 introduces non-interactive forms which, to my understanding, don't
need the AcroForm entry.
The signature field section (12.7.5.5 in PDF 2.0) does not state whether an
interactive or a non-interactive form field needs to be used.
While this explains while poppler and Adobe Acrobat Reader find the signature
and validate it successfully, thereby at least ignoring the undefined
non-interactive form type in PDF 1.4.
However there is still the PDF/A Signature Tech Report which should be taken
into account when creating signatures.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to