Created attachment 161878 [details] The problematic document The attached pdf file contains a signature form field. However, when trying to sign it I am asked for a password. Using the empty string as the password allows me to sign the document. The reason is apparently that in this document the *modification* of the document is password-restricted. Please see the attached Acrobat security settings (German only, sorry. The blue line says: "Admissible changes: Filling-out form fields and signing existing signature fields".) SOFTWARE/OS VERSIONS Betriebssystem: Debian GNU/Linux 12 KDE-Plasma-Version: 5.27.5 KDE-Frameworks-Version: 5.103.0 Qt-Version: 5.15.8
Created attachment 161879 [details] Acrobat security settings
The prompt comes from https://invent.kde.org/graphics/okular/-/blob/master/part/signaturepartutils.cpp#L409 DocumentHasPassword comes from https://invent.kde.org/graphics/okular/-/blob/master/generators/poppler/generator_pdf.cpp#L1593 The assumption seems to be that if the document is encrypted we need the password to *read* it, but that's not the case here
(In reply to Nicolas Fella from comment #2) > The prompt comes from > https://invent.kde.org/graphics/okular/-/blob/master/part/signaturepartutils. > cpp#L409 > > DocumentHasPassword comes from > https://invent.kde.org/graphics/okular/-/blob/master/generators/poppler/ > generator_pdf.cpp#L1593 > > The assumption seems to be that if the document is encrypted we need the > password to *read* it, but that's not the case here Yeah, DocumentHasPassword implementation needs to be changed to something like "did call to init had a non empty password variable"
A possibly relevant merge request was started @ https://invent.kde.org/graphics/okular/-/merge_requests/961
Git commit ea243a2a03f9249c3fc36bdbcdb71d987de064ce by Nicolas Fella, on behalf of Nicolas Fella. Committed on 02/04/2024 at 11:04. Pushed by aacid into branch 'master'. Fix DocumentHasPassword check A document can be encrypted without requiring a password to open/sign it. Currently we assume we need a password to sign it for such documents, but that's not correct. Instead of checking whether the document is encrypted remember whether we needed a password for opening. M +2 -1 generators/poppler/generator_pdf.cpp M +2 -0 generators/poppler/generator_pdf.h https://invent.kde.org/graphics/okular/-/commit/ea243a2a03f9249c3fc36bdbcdb71d987de064ce
Git commit 01397669c997a6100002c69dc528a9229070450a by Albert Astals Cid, on behalf of Nicolas Fella. Committed on 03/04/2024 at 15:59. Pushed by aacid into branch 'release/24.02'. Fix DocumentHasPassword check A document can be encrypted without requiring a password to open/sign it. Currently we assume we need a password to sign it for such documents, but that's not correct. Instead of checking whether the document is encrypted remember whether we needed a password for opening. (cherry picked from commit ea243a2a03f9249c3fc36bdbcdb71d987de064ce) M +2 -1 generators/poppler/generator_pdf.cpp M +2 -0 generators/poppler/generator_pdf.h https://invent.kde.org/graphics/okular/-/commit/01397669c997a6100002c69dc528a9229070450a
The situation in 24.02.2 seems to be worse, i.e. one cannot sign a document anymore. The password dialog pops up but now an empty string is not allowed anymore and one has no way of signing the document ("cancel"/close the dialog will cancel the signing process). This is tested with the attached document and also other documents with a signature field.
There is a bit of a regression there, make sure you click on the top list of the dialog that shows up asking for which certificate to use and it should work. We have fixed that for next release. Please confirm this works for you.