Draft: Add signatures verification to evince

Marek Kašík requested to merge mkasik/evince:signatures into main

This merge request adds signature verification to evince. It was originally created by Vasco Dias at https://bugzilla.gnome.org/show_bug.cgi?id=614929 (now #143).

I've modified the Vasco's patches so that they work with code we've pushed to glib frontend of poppler. The patches add new category to the sidebar where all signatures of the document are listed together with their status.

The biggest change I've done to the original patches is that I use similar statuses for signatures and certificates to the ones which we have in poppler. These seems to track statuses of signatures and certificates well in general case. It allows us to be more descriptive in the UI when wee need to inform user about the status of signature and certificate.

The main issue I had was presence of certificates of qualified CAs in the system. It is not possible to show correct info about whether the signature as whole is correct without those. I plan to propose a new package for my distribution (Fedora) regarding this for at least EU Trusted Lists (EUTL - https://digital-strategy.ec.europa.eu/en/policies/eu-trusted-lists) which lists qualified CAs for EU. This will need to assess license of those certificates.

Other source of certificates of qualified CAs could be Adobe Approved Trust List (AATL - https://helpx.adobe.com/acrobat/kb/approved-trust-list1.html) but these are lists of private companies created by another private company so it will need a discussion on the distribution level.

Regarding the UI, I'll ask jimmac whether he has time to review the design. The UI needs to show status of the signature and also of the certificate and show that the signature as a whole is correct only in the case when signature and certificate are correct. It should also allow for future implementation of signing of the document but I guess that it will be achieved similar to adding an annotation to the document.

It will also need to improve wording so suggestions are welcomed.

Things for consideration:

  1. Okular highlights the signature field in the document when clicked on the signature in the list.

  2. We could show more information about the issuer of the certificate of the signature from subjectDN field of the certificate (would need add a function to poppler-glib API).

  3. We should also probably tell user whether the whole document is signed (= no changes where made in it after signing). Thinking about this, this is something we should really do and which needs 1 new function in poppler-glib API.

  4. If there are more than 1 signatures it would be beneficial to be able to list between the different signed versions (so the user can see possible changes). This would need non-trivial amount of time since I think we don't have API for listing of different versions of the document in poppler-glib now.

  5. Okular also allows to extract certificate from the signature but I think that this feature should be available in e.g. pdfsig tool of poppler instead of UI. On the other hand, if we want to add also signing then we will need to handle certificates in some way anyway.

I'll add some screenshots later today.

Merge request reports