Bug 446549 - Digital signature feature confusing for new users
Summary: Digital signature feature confusing for new users
Status: CONFIRMED
Alias: None
Product: okular
Classification: Applications
Component: PDF backend (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-06 12:20 UTC by Nicolai Weitkemper
Modified: 2021-12-13 00:34 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments
e-signed file for comparison (183.46 KB, application/pdf)
2021-12-12 06:03 UTC, johnathan
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nicolai Weitkemper 2021-12-06 12:20:14 UTC
SUMMARY
The "LTT Linux Daily Driver Challenge, Part 3" (https://www.youtube.com/watch?v=TtsglXhbxno&t=281s) showed Linus trying to "sign" a PDF. He failed to do it in 15 minutes, because he tried setting up a signing certificate, when all he wanted was an image of a signature.
In the long run, I would like Okular to support the latter feature (see https://bugs.kde.org/show_bug.cgi?id=315930), but for now we can help new users understand that "Digitally sign…" is probably not what they were looking for.

STEPS TO REPRODUCE
0. Suppose you don't know the difference between a cryptographic signature and superimposing an image of a signature. There should be no signing certificates installed.
1. Navigate to Extras → Digitally sign…
2. Create a boundary
3. Receive the error message "There are no available signing certificates". Open the linked section of the manual.

OBSERVED RESULT
- Only after the user provides a boundary, Okular gives the error "There are no available signing certificates".
- The linked section of the docs does not clarify the difference between a cryptographic signature and superimposing an image of a signature.

EXPECTED RESULT
- If there are no certificates available, Okular does not ask the user to draw a boundary in the first place.
- The error message and/or the documentation explain what a digital (cryptographic) signature is and/or how adding an image of a signature is not possible yet (AFAIK).
Comment 1 Albert Astals Cid 2021-12-06 18:28:25 UTC
Digital signature is a very clearly defined term https://en.wikipedia.org/wiki/Digital_signature 

I don't feel it's our responsibility to tech people what clearly defined things mean. Should we teach them what "File" means? What "Save" means? Where do you draw the line?

I mean the documentation says says "Adding Digital Signatures" and "To be able to sign a document you need to have a proper PKCS signing certificate available on your system. " what is more clear than we're speaking about a "cryptographic" signature than that.

If you don't know what PKCS means either, then wikipedia it again "In cryptography, PKCS stands for 'Public Key Cryptography Standards'"
Comment 2 Oliver Sander 2021-12-06 19:46:02 UTC
Albert, by and large I agree with you.  However, I think Nicolai's suggestion to grey out the 'digitally sign' menu entry when there are no certificates is worth considering.
Comment 3 Albert Astals Cid 2021-12-06 23:39:28 UTC
Having a disabed menu entry with virtually no way to enable it or indication on how to do it, it's usually bad UI.

I agree with giving directly the "you have no certificates" warning directly instead of before asking to draw the area, that makes total sense.
Comment 4 Nate Graham 2021-12-07 03:38:19 UTC
We already do disable the menu item when no certificates are present; I have none the the menu item is disabled for me.

However cryptography and digital signatures are advanced topics not suitable for new users (who are mentioned in the title of the bug report. Pretty much all normal people I know have no use for actual digital signing; what they want instead is the ability to put a picture of their handwritten signature on a PDF document so that they can upload it to some website. This is a real need that real people have. I have personally had this need many times when dealing with government documents,  bank documents, hospital documents, and employment contracts. Many people I know have had this need many times for similar things. In no cases would a cryptographic digital signature have sufficed in its stead.


When the Okular signing feature was first being developed, I remember recommending that the menu item in question always be enabled and when you click on it, a dialog box asks you something like:

"Do you want to cryptographically sign this document, or stamp a picture of your handwritten signature?"

                                                                                        [Cryptographically sign]   [Stamp handwritten signature]

And if you choose "Cryptographically sign", then it goes through the current UI. If you choose "Stamp handwritten signature", then it would take you through a new UI that would take you through that process instead. I still think that would be a good idea.
Comment 5 Oliver Sander 2021-12-07 08:47:17 UTC
I understand your point, but please no additional dialog box.  It would mean an additional click for everyone.

How about:
* An additional menu entry like "graphically sign" right next to "digitally sign"
* An explanatory dialog popping up when people click on "digitally sign" without having certificates installed
Comment 6 Albert Astals Cid 2021-12-07 09:10:23 UTC
(In reply to Nate Graham from comment #4)
> We already do disable the menu item when no certificates are present; I have
> none the the menu item is disabled for me.

We don't, there are two reasons for that menu entry to be disbled:
 * You don't have a PDF document open
 * Your poppler does not support signing, i guess you're on Neon/Ubuntu so you just have a mega-old poppler and this is why the menu entry is disabled
Comment 7 Bug Janitor Service 2021-12-07 09:54:04 UTC
A possibly relevant merge request was started @ https://invent.kde.org/graphics/okular/-/merge_requests/516
Comment 8 Albert Astals Cid 2021-12-07 10:08:49 UTC
(In reply to Oliver Sander from comment #5)
> I understand your point, but please no additional dialog box.  

Agreed, more dialog boxes don't seem the solution to me.

A different menu item for "fake signature" makes sense, somebody just needs to do the work to hook that menu up with adding a stamp annotation with custom image.
Comment 9 Nate Graham 2021-12-07 16:50:40 UTC
> How about:
> * An additional menu entry like "graphically sign" right next to "digitally
> sign"
> * An explanatory dialog popping up when people click on "digitally sign"
> without having certificates installed
That seems totally reasonable to me.

> We don't, there are two reasons for that menu entry to be disbled:
>  * You don't have a PDF document open
>  * Your poppler does not support signing, i guess you're on Neon/Ubuntu so
> you just have a mega-old poppler and this is why the menu entry is disabled
It is a PDF document, and I'm on Fedora with a recent poppler and I build Poppler from source every day. I guess it's a separate issue; I'll file another bug report about it if it doesn't seem like user/configuration error after some more investigation.
Comment 10 johnathan 2021-12-08 12:41:18 UTC
if i can give my 2 cents. what we call a "digital certificate" as was pointed out is usally something like a hardware token like a yubikey or similar or a certificate like PFX or even what you'd get from https://www.openpgp.org/software/kleopatra/
which uses pgp to sign with your public and private key. 


https://github.com/intoolswetrust/jsignpdf 

this is how you properly sign a pdf. this uses certificates and "time stamping authority" to verify that you, the user with the public key signed the document. it has nothing to do with squigly line sign that you can do.

what was done in the video is "pseudo sign". this isn't really much to it because anyone can do this anytime.  

https://helpx.adobe.com/reader/using/sign-pdfs.html

read how adobe reader does this. they allow users to "draw" a signature but also "secured signs" using signatures and those signatures would be the above, pfx or the likes so we do need to update the UI, give the option like adobe reader.

you can also look at how libreoffice handles digitally signing a document.
Comment 11 Nicolas Werner 2021-12-11 18:06:04 UTC
I agree. Just replacing digital signatures with a drawing does not sound like a good approach to me. As a user I would much prefer having an easy way to create a certificate, even if it is untrusted. The current docs are sadly not helpful enough to get me started. I would instead prefer getting a dialog box, that allows me to setup a cert, if I don't have one and use that. That is actually what I am looking for when pressing the "Digitally sign" button, I just can't get past the certificate creation step.
Comment 12 Nate Graham 2021-12-11 20:37:37 UTC
Neither one is a replacement for the other; there are times when the entity asking you to sign a documents expects a cryptographic digital signature to be embedded, and there are times when they want a handwritten signature put on the "Signature" line, as if you printed the document, signed it, and scanned it. The use cases are just different.
Comment 13 Albert Astals Cid 2021-12-11 23:22:43 UTC
Creating an untrusted certificate is not a good idea, it'll show with huge red flags everywhere, that's defenitely not what you want when you sign something
Comment 14 johnathan 2021-12-12 06:03:25 UTC
i want to add more inputs. the thing is, when you use those squiggly line signature image, that isn't counted anywhere

i have attached a document with a "e-sign"  that i made with https://smallpdf.com/sign-pdf
and a link to a website that does the actual digital signatures on pdfs https://www.tecxoft.com/samples.php

if you open these pdfs, the uploaded one and one from the link, you will see the there is no difference in the "e-sign" from a normal pdf. the signature is just an overlay. it has no "meaning".

the samples otoh, okular tells you "hey. this was digitally signed by this and this person at this time". that is what are called digital signatures and these signed files are legally valid if your certificate checks out. note, evince document viewer does not do anything apparently but okular opens it like adobe reader does.
Comment 15 johnathan 2021-12-12 06:03:55 UTC
Created attachment 144471 [details]
e-signed file for comparison
Comment 16 Albert Astals Cid 2021-12-13 00:34:28 UTC
Git commit 62eec7d5b1e6362d070c74afd1d7dd428aa63611 by Albert Astals Cid.
Committed on 12/12/2021 at 23:43.
Pushed by ngraham into branch 'master'.

Show the "No signing certs" warning earlier

No need to ask for the user to draw a rectangle for the signature
if there's no certs to sign anyway

M  +17   -0    core/signatureutils.cpp
M  +9    -0    core/signatureutils.h
M  +26   -0    part/pageview.cpp
M  +2    -0    part/pageview.h
M  +11   -23   part/pageviewannotator.cpp

https://invent.kde.org/graphics/okular/commit/62eec7d5b1e6362d070c74afd1d7dd428aa63611