Digital Certificate(s) showed on PDF documents #5569
Replies: 8 comments 6 replies
-
|
The core of SumatraPDF is MuPDF and that has some ability to attempt Adobe proprietary signing (see mutool sign) but really even Adobe does not always assure the system it proposed for PDF unless written by Adobe (and that too has been breached in the past). Mutool require a system not NATIVE to Windows commands
Setup So who do you trust in that circle of trust SumatraPDF does not use a few distinct parts of MuPDF utilities so for example it currently does not use OCR nor XFA or lesser Forms nor Recognise Bar Codes (which would be the simplest of all) |
Beta Was this translation helpful? Give feedback.
-
|
I understand the explanation (needing to have OpenSSL, Visual C++ redistributable). I already have Visual C++ redistributable installed, and the OpenSSL Light version should be enough to make it work (moving the x64 files to the same folder of sumatrapdfreader). But digital signatures aren't exclusive of Adobe, other programs can also read and show them. Is just that they are huge programs! that is why I suggested these feature. I see many documents that are signed, and I myself sign some, with dedicated applications for that, but those don't show the full PDF document signed after it is signed, it is why I would like to have a simple small program to at least see them on the document and be sure things are applied properly, and be able to see from others. |
Beta Was this translation helpful? Give feedback.
-
|
Well I followed the instructions made a cerrtificate and all that and we can see SSL is installed but mutool does not like it That self same template was easily signed inside Adobe web Signing so it is not the PDF that is the problem it is the method. |
Beta Was this translation helpful? Give feedback.
-
|
In fact current digital certificate signatures help to ensure it is from a real human, or a real company, or a real government... or at least elevate the "bar" of difficulty to do forgeries. The "who" is (?), I get, it can be faked, but is way more difficult than just manual signatures... good luck to know if they are true, I can't tell a real from a fake, and anyone, anywhere including some random young child can fake them, but faking digital certificate signatures is way more difficult to do it, specially qualified signatures... not impossible, but harder. But there is an expected good functionality: secure time stamps from third parties (like: Quovadisglobal, Adacom, Sectigo, Baltstamp, ACCV, Netlock, Izenmpe, Digicert, Actalis, Entrust, SwissSign, and many others) they act like those diverse repositories that even the King could not repudiate them, since are in many different jurisdictions, but for the Time Stamp, and in many cases what one wants to proof is a date & time, and one can add as many timestamps as (s)he wants... and if it is a valid PAdES B-LTA with the CRL value of the Secure Time Stamp, the user can prove the date & time, and if (s)he uses several different sources in the same document it will be close to impossible to say it is a fake timestamp. |
Beta Was this translation helpful? Give feedback.
-
|
Maybe MuPDF included in SumatraPDF doesn't include the signing part module? Or needs the OpenSSL in a specific location? |
Beta Was this translation helpful? Give feedback.
-
|
Well, here in Europe Union all citizens already have in their national ID card provided by the government Qualified Digital Certificates that are legally valid (at least) in all EU countries, and maybe some countries outside EU. If someone signs their PDF document one can verify in Adobe, or any other application that includes the EU Certificates, if that is a valid certificate. Your PDF is properly signed, but they are all self sign certificates. Of course in countries like Australia, UK, USA, is more difficult because those citizens don't have a national ID card (in the US there are State ID cards, but a citizen can have 50 different State IDs), so people don't have a qualified signing certificate with them all the time, like people in EU, and maybe in some other countries... but they can have it, they just need a Passport or Driver License to request to some certificate company to make one to them, but they have to pay a lot of money for them, and renew ever 1, 2 or 3 year's... in EU these National ID usually last 10 to 15 years, and the signing certificates are valid to be used during that time. |
Beta Was this translation helpful? Give feedback.
-
|
The signing part is the easiest, there are lots of tools for that (JSignPDF, XolidoSign, PDF Signer, etc.) Seeing the certificate signature applied in the PDF file is the hard part (meaning: being able to see the details of the signature), at least in a application that isn't huge on resources consumed. By the way, I don't have Edge installed, since I didn't wanted it, I use Brave and Mozilla Firefox, that I like more. In EU countries we can remove it, in other countries I think is possible but implies a lot more work to make it happen. mutool not properly supporting digital certificate signatures is really a disillusionment. |
Beta Was this translation helpful? Give feedback.
-
|
In latest pre-release 18403 or later:
I don't know much about signatures so let me know if it works / what else can be done (by opening an issue https://github.com/sumatrapdfreader/sumatrapdf/issues) |
Beta Was this translation helpful? Give feedback.



Uh oh!
There was an error while loading. Please reload this page.
-
It would be nice for Sumatra PDF to show digital certificate(s) that have been used to sign a PDF document.
These helps to verify the authenticity of some documents created by people, institutions, companies, governments, etc. that are securely signed.
It should display all the information about the certificate(s), (secure?) timestamp(s), reason for signing (if specified), and everything else that may apply.
It should work with all used algorithms, including but not limited to: RSA, DSA, ECC, SHA1, SHA256, SHA384, SHA512. If possible supporting: PAdES levels (B-B, B-T, B-LT, B-LTA, and PAdES-EPES).
Some use official certificates already in the certificate store of the operating system, but others use self-made certificates that need to be added to the trust list (schools, companies, governments, etc.), so it would be nice for the program to have the flexibility to have that in mind and allow them to be added.
It could also support signing and/ or timestamping, but I'm not sure how much more complexity it adds. So even if it only supports reading existing digital certificate signatures it would already be very nice.
If implementing these have a look at: https://www.pdf-insecurity.org and maybe other sources to be sure the verification is done in a way that isn't vulnerable to forgery, since many programs have had troubles in the past.
Beta Was this translation helpful? Give feedback.
All reactions