Created attachment 119266
File with empty signature form field

The attached pdf file contains an empty signature field. When opening the file, Okular shows a blue message box claiming "This document is digitally signed.", which is not correct.

For the same file, pdfsig shows

Digital Signature Info of: Anzeige_DM_Seite_3_empty.pdf
Unimplemented Feature (0): Unable to validate this type of signature
Signature #1:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: (null)
  - Signing Time: Jan 01 1970 01:00:00
  - Signing Hash Algorithm: unknown
  - Signature Type: adbe.pkcs7.detached
  - Signature Validation: Signature has not yet been verified.
Unimplemented Feature (0): Unable to validate this type of signature
Signature #2:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: (null)
  - Signing Time: Jan 01 1970 01:00:00
  - Signing Hash Algorithm: unknown
  - Signature Type: adbe.pkcs7.detached
  - Signature Validation: Signature has not yet been verified.
Unimplemented Feature (0): Unable to validate this type of signature
Signature #3:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: (null)
  - Signing Time: Jan 01 1970 01:00:00
  - Signing Hash Algorithm: unknown
  - Signature Type: adbe.pkcs7.detached
  - Signature Validation: Signature has not yet been verified.

That looks dubious, too, so maybe the root cause is in poppler.

This happens with Okular from today's git master on Debian testing.
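A check for the situation in the report above, as an added example that is not part of the original thread and is not Okular or poppler code: it parses pdfsig text output in the shape quoted in the report and counts a signature entry as usable only when signer, hash algorithm, signing time and validation result are all populated. The sample input is constructed; the populated second entry and the exact "Signature is Valid." string are assumptions.

```python
import re
# Constructed sample in the shape of the pdfsig output quoted above. Signature #2
# is invented for contrast; its values and "Signature is Valid." are assumptions.
SAMPLE = """\
Signature #1:
  - Signer Certificate Common Name: (null)
  - Signing Time: Jan 01 1970 01:00:00
  - Signing Hash Algorithm: unknown
  - Signature Type: adbe.pkcs7.detached
  - Signature Validation: Signature has not yet been verified.
Signature #2:
  - Signer Certificate Common Name: Example Signer
  - Signing Time: Mar 03 2019 10:15:00
  - Signing Hash Algorithm: SHA-256
  - Signature Validation: Signature is Valid.
"""

HEADER = re.compile(r"^Signature #(\d+):\s*$")
FIELD = re.compile(r"^\s*-\s*([^:]+):\s*(.*)$")

def parse_pdfsig(text):
    """Split pdfsig text output into one dict of fields per 'Signature #N:' block."""
    sigs = []
    for line in text.splitlines():
        header, field = HEADER.match(line.strip()), FIELD.match(line)
        if header:
            sigs.append({"index": int(header.group(1))})
        elif field and sigs:
            sigs[-1][field.group(1).strip()] = field.group(2).strip()
    return sigs

def problems(sig):
    """List reasons an entry cannot be relied on; missing fields count as problems."""
    issues = []
    if sig.get("Signer Certificate Common Name", "(null)") == "(null)":
        issues.append("no signer certificate")
    if sig.get("Signing Hash Algorithm", "unknown") == "unknown":
        issues.append("unknown hash algorithm")
    # Heuristic: a zero timestamp rendered in local time lands on one of these dates.
    if sig.get("Signing Time", "Jan 01 1970").startswith(("Jan 01 1970", "Dec 31 1969")):
        issues.append("signing time unset")
    if sig.get("Signature Validation") != "Signature is Valid.":
        issues.append("not verified")
    return issues

def signature_report(text):
    return {s["index"]: problems(s) for s in parse_pdfsig(text)}

def has_usable_signature(text):
    return any(not issues for issues in signature_report(text).values())
```

A gate built on `has_usable_signature` rather than on the mere presence of a signature field avoids treating the empty field from the report as a signed document.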
It is correct, the document is signed, it has three shitty broken signatures, but it has signatures.
Okay, so not a bug. But can we improve the text somehow to make it clearer that the signatures are shitty broken? "This document is signed" sounds too positive. Unfortunately, not being a signature or usability expert I cannot currently come up with a specific proposal. Nate, do you have an idea?
Not an expert on this stuff so let me ask some questions:

- What exactly do you mean by "shitty broken signatures?"
- Are shitty broken signatures valid? Can they be legitimately used for any purpose?
(In reply to Nate Graham from comment #3)
> Not an expert on this stuff so let me ask some questions:
>
> - What exactly do you mean by "shitty broken signatures?"

Lots of fields are missing.

> - Are shitty broken signatures valid?

Depends on what you mean by valid :D

The existing contents are not wrong, they just miss lots of fields that make them quite shitty and not very useful.

> Can they be legitimately used for any purpose?

Most probably not.
(In reply to Albert Astals Cid from comment #4)
> (In reply to Nate Graham from comment #3)
> > Can they be legitimately used for any purpose?
>
> Most probably not.

In that case, for such PDFs, I would say we probably should not display the "This document is digitally signed" message widget.
We now show a red warning about the signatures being broken, is this good enough?
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!