well yes, it ends now in "_signiert.pdf" with German language settings and "_signed.pdf" in English.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Sep 12 2023
Sep 12 2023
Sep 8 2023
Sep 8 2023
• aheinecke triaged T6711: Okular: Reload signed PDF instead of opening another window as High priority.
Tested with current version. Works.
Sep 4 2023
Sep 4 2023
• ebo moved T6613: Okular: filename suggestion unsuitable from Restricted Project Column to Restricted Project Column on the Restricted Project board.
This should be in the newest for testing.
Aug 8 2023
Aug 8 2023
• werner triaged T6633: GPGME: Add API for extended key usage flags like nonRepudation as Normal priority.
Here is an example from my QES cert:
That does not mean that this is a good idea. And well, I heard that Poppler does not have a stable API.
The poppler api exposes it. Has done it since more or less the incarnation of pdf signing in poppler I think.
Don't do that. The key usage extensions rarely useful. This is the usual X.509 DbC (design by commitee) mess. See for example https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt . Let's not try to follow this path.
Aug 4 2023
Aug 4 2023
The poppler API exposes key usage extensions, and I'm trying to reconstruct them from the canX flags, which of course is highly inaccurate.
• ikloecker added a comment to T6633: GPGME: Add API for extended key usage flags like nonRepudation.
Technically, the canX are already checking a flag internally because _gpgme_key stores the can_X values as single bits. There are still 17 unused bits in _gpgme_key, i.e. there's plenty of space for more flags like can_haz_cheezeburger.
• aheinecke renamed T6633: GPGME: Add API for extended key usage flags like nonRepudation from GPGME: Add API for extended key usage flags aka nonRepudation to GPGME: Add API for extended key usage flags like nonRepudation.
• aheinecke assigned T6633: GPGME: Add API for extended key usage flags like nonRepudation to • werner.
OK, still the whole usage stuff screams for a flag style api IMO. With all the canX then reduced to checking for the according flags internally.
@werner I am assigning this to you for triage. Basically set it to wontfix or whishlist if you think it would be worthwhile or not for future canHazCheezeburger things
Aug 3 2023
Aug 3 2023
• werner added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.
Use the is_qualified flag to figure out QES certificates. This is more than just a capability flag.
NonRepudiation is not a well defined term. It is used by X.509 but often used similar to a digital signature. Thus this does not make sense. The is_qualified flag is what we need for QeS and it seems we already got this in gpgme.
• aheinecke triaged T6633: GPGME: Add API for extended key usage flags like nonRepudation as Normal priority.
svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.
gpgme puts digitalSignature and norRepudiation into canSign. We need them separated at the sources (maybe exposing keyUsage directly in gpgme. That would also make the code in poppler better and more accurate. I'm trying to reconstruct the keyUsages from the canSign&friends functions.
• aheinecke triaged T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures as Normal priority.
Jul 25 2023
Jul 25 2023
Jul 24 2023
Jul 24 2023
signing works, too
Jul 13 2023
Jul 13 2023
Jul 5 2023
Jul 5 2023
Ready for testing. I could view a signed PDF and verify the signature with the gpg backend, but other things may not work because of missing dependencies.
Jun 5 2023
Jun 5 2023
Feb 24 2023
Feb 24 2023