Page MenuHome GnuPG
Create Task
Maniphest T6765

signature-key.pdf has incorrect signature
Closed, ResolvedPublic
Actions

Description

I tried to verify PDF with digital signature (https://gnupg.org/signature-key.pdf), linked from (https://www.gnupg.org/signature_key.html) and looks like it is not valid.

I tried 3 methods

  • Software from my QES vendor - reports that signature is present but not valid
  • ec.europa.eu online tool - reports certificate as revoked?
    DSS-Simple-report.pdf40 KBDownload
  • Adobe Reader - reports file as modified after signing

Event Timeline

Jerry created this task.Oct 17 2023, 12:25 AM
werner removed a project: Bug Report.Oct 17 2023, 9:07 PM
werner added a subscriber: werner.

Your tools don't use the chain validation model which is required for QES (at least according to German laws). A signature is still valid even if the certificate has been revoked. You need to consider the context and the time the certificate was revoked.

(I lost my wallet once, revoked all cards before it showed up with all content at the lost+found).

werner closed this task as Resolved.Oct 17 2023, 9:07 PM
werner claimed this task.