Bug 481266 - [wish] pdf signing, okular can use openPGP certificcate
Summary: [wish] pdf signing, okular can use openPGP certificcate
Status: RESOLVED FIXED
Alias: None
Product: okular
Classification: Applications
Component: PDF backend (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
: NOR wishlist
Target Milestone: ---
Assignee: Okular developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-12 13:50 UTC by Philippe ROUBACH
Modified: 2025-03-06 16:06 UTC (History)
2 users (show)

See Also:
Latest Commit: https://invent.kde.org/graphics/okular/-/commit/0e338c4f52de264a6ca69fd345ea82dc3bcfeece
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Philippe ROUBACH 2024-02-12 13:50:59 UTC 
SUMMARY

It would be handy to use OpenPGP certificate to sign a PDF document.

Why ? Because Kmail creates automatically an OpenPGP certificate to sign the email when creating an account.

LibreOffice can use the OpenPGP certificates created by Kmail.

Thanks
Comment 1 Sune Vuorela 2024-02-12 14:08:53 UTC 
Hi

This is not specified in the pdf specification, so it would be a purely okular-to-okular feature. While it probably wouldn't be many man weeks of work to implement something that works, given it is not actually specified in the pdf spec, I don't think it is useful.
Comment 2 Philippe ROUBACH 2024-02-12 14:25:07 UTC 
Ok

In this case, it would be a good thing that Okular, at the first opening, creates automatically an S/MIME OpenPGP certificate with Kleopatra.
Comment 3 Sune Vuorela 2024-02-12 14:35:53 UTC 
(In reply to Philippe ROUBACH from comment #2)
> In this case, it would be a good thing that Okular, at the first opening,
> creates automatically an S/MIME OpenPGP certificate with Kleopatra.

In general, S/Mime (x509) certificates needs to be authorized/notarized by a 3rd party (not unlike how browser https security works), so just generating something is not going to be useful in the long run.

For example, in certain countries, you can get a governmental issued certificate with a government organization as trust anchor.
Comment 4 Albert Astals Cid 2024-02-12 21:21:35 UTC 
We're not going to do that.

An okular only feature is not useful, and a self signed certificate is not useful.

For that level of not actual cryptographically-valid signature  you can as well just add a stamp annotation with your signature as an image and call it signed, that's what most people want anyway ¯\_(ツ)_/¯
Comment 5 Sune Vuorela 2025-03-06 14:50:05 UTC 
Git commit 0e338c4f52de264a6ca69fd345ea82dc3bcfeece by Sune Vuorela.
Committed on 06/03/2025 at 13:17.
Pushed by sune into branch 'master'.

Pgp signatures in pdf files

Add a setting to ask poppler to enable pgp signatures in pdf files
 - also put in a notice-messagebox when enabling it saying it only works
   between certain okular's

Create filtering in signature list to only show pgp signatures, and mark
pgp keys in certificate list

M  +11   -0    core/signatureutils.cpp
M  +20   -0    core/signatureutils.h
M  +5    -0    generators/poppler/conf/pdfsettings.kcfg
M  +10   -0    generators/poppler/conf/pdfsettingswidget.ui
M  +3    -0    generators/poppler/generator_pdf.cpp
M  +22   -0    generators/poppler/pdfsettingswidget.cpp
M  +18   -0    generators/poppler/pdfsignatureutils.cpp
M  +7    -0    part/selectcertificatedialog.ui
M  +12   -0    part/signaturepartutils.cpp
M  +1    -1    part/signaturepartutilsmodel.h
M  +9    -1    part/signingcertificatelistmodel.cpp

https://invent.kde.org/graphics/okular/-/commit/0e338c4f52de264a6ca69fd345ea82dc3bcfeece
Comment 6 Philippe ROUBACH 2025-03-06 16:06:16 UTC 
Thanks