Created attachment 144101 [details] messages from Adobe Reader I have recently checked that Poppler can provide both: 1. signed PDF content verification (i.e. content was not changed after signature) 2. identify verification, given trusted CA certificates (inserted into the Firefox NSS cert db) Reference: https://gitlab.freedesktop.org/poppler/poppler/-/issues/896#note_1172603 It seems to me that oKular when it says "the signature is cryptographically valid" it refers to 1), which might not be 100% clear to whoever sees that message. Ideally oKular would be able to perform 1 and 2, like Poppler does, and display different messages depending on whether both checks are performed or only the first so that the users understands the level of validation. I am attaching the messages from Adobe Reader to illustrate the idea.
Created attachment 144102 [details] another message panel from Adobe Reader
A possibly relevant merge request was started @ https://invent.kde.org/graphics/okular/-/merge_requests/917
Git commit 0bd2c9cfa0304734572a2a36a7fbce8e74dcb8ff by Sune Vuorela. Committed on 26/06/2024 at 12:02. Pushed by sune into branch 'master'. Use async signature validation Also, show information about the validity of the certificate used for the signature M +26 -0 core/form.h M +9 -8 core/signatureutils.h M +27 -0 generators/poppler/formfields.cpp M +10 -0 generators/poppler/formfields.h M +4 -0 generators/poppler/pdfsignatureutils.cpp M +1 -0 generators/poppler/pdfsignatureutils.h M +2 -0 gui/signatureguiutils.cpp M +10 -1 gui/signaturemodel.cpp https://invent.kde.org/graphics/okular/-/commit/0bd2c9cfa0304734572a2a36a7fbce8e74dcb8ff