In (currently line 142 of) okular/ui/certificateviewer.cpp, ‘Subject’ is defined as ‘The person/company that made the signature’, as is used as a hint to translators. But the definition is wrong. It’s actually the definition of ‘Issuer’, *not* of ‘Subject’. The ‘Subject’ is (very simply put) the entity the certificate was issued *to*. Or the ‘target of the certificate’, if you’d like.
(In reply to Karl Ove Hufthammer from comment #0) > In (currently line 142 of) okular/ui/certificateviewer.cpp, ‘Subject’ is > defined as ‘The person/company that made the signature’, as is used as a > hint to translators. But the definition is wrong. It’s actually the > definition of ‘Issuer’, *not* of ‘Subject’. For me, the definition is right. From RFC 5280 for X.509 certificate which is the main part of the signature [1]: The subject field identifies the entity associated with the public key stored in the subject public key field. The subject name MAY be carried in the subject field and/or the subjectAltName extension. If the subject is a CA (e.g., the basic constraints extension, as discussed in Section 4.2.1.9, is present and the value of cA is TRUE), then the subject field MUST be populated with a non-empty distinguished name matching the contents of the issuer field (Section 4.1.2.4) in all certificates issued by the subject CA. If the subject is a CRL issuer (e.g., the key usage extension, as discussed in Section 4.2.1.3, is present and the value of cRLSign is TRUE), then the subject field MUST be populated with a non-empty distinguished name matching the contents of the issuer field (Section 5.1.2.3) in all CRLs issued by the subject CRL issuer. If subject naming information is present only in the subjectAltName extension (e.g., a key bound only to an email address or URI), then the subject name MUST be an empty sequence and the subjectAltName extension MUST be critical. [1] https://tools.ietf.org/html/rfc5280#section-4.1.2.6
(In reply to Yuri Chornoivan from comment #1) > (In reply to Karl Ove Hufthammer from comment #0) > > In (currently line 142 of) okular/ui/certificateviewer.cpp, ‘Subject’ is > > defined as ‘The person/company that made the signature’, as is used as a > > hint to translators. But the definition is wrong. It’s actually the > > definition of ‘Issuer’, *not* of ‘Subject’. > > For me, the definition is right. > > From RFC 5280 for X.509 certificate which is the main part of the signature > [1]: I’m aware of RFC 5280. I’m not sure how the string is actually presented in the UI (I tried recompiling Okular, but didn’t find any certificate/signature related things in the UI – perhaps I’m missing a dependency?) As the implementation is really in terms of certificates, I guess I was confused and interpreted ‘The person/company that made the signature’ as ‘The person/company that made the certificate’ (which is the issuer). But if the UI is based on showing information about the signature, shouldn’t it use less technical descriptions, like ‘Signed by’ instead of ‘Subject’?
"I was confused and interpreted ‘The person/company that made the signature’ as ‘The person/company that made the certificate’ (which is the issuer)." So yeah, not a bug. If you're interested in trying it, see https://tsdgeos.blogspot.com/2019/01/okular-pdf-signature-certificate.html