Bug 106952

Summary: pdfunite must remove invalidated digital signatures
Product: poppler Reporter: Alexander E. Patrakov <patrakov>
Component: utilsAssignee: poppler-bugs <poppler-bugs>
Status: RESOLVED MOVED QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: First document with a signature
Second document with a signature

Description Alexander E. Patrakov 2018-06-18 13:49:31 UTC
Created attachment 140204 [details]
First document with a signature

If I run pdfunite on pdf files, at least one of which is signed, then the result has an invalid digital signature. I think that any signatures that cannot be properly preserved must be removed.

To reproduce:

[aep@aep-haswell tmp]$ pdfsig 'Untitled 1.pdf'
Digital Signature Info of: Untitled 1.pdf
Signature #1:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: E=patrakov@gmail.com
  - Signing Time: Jun 18 2018 21:43:41
  - Signing Hash Algorithm: SHA-256
  - Signature Type: adbe.pkcs7.detached
  - Signed Ranges: [0 - 9563], [59565 - 60513]
  - Total document signed
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Certificate is Trusted.
[aep@aep-haswell tmp]$ pdfsig 'Untitled 2.pdf'
Digital Signature Info of: Untitled 2.pdf
Signature #1:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: E=patrakov@gmail.com
  - Signing Time: Jun 18 2018 21:44:21
  - Signing Hash Algorithm: SHA-256
  - Signature Type: adbe.pkcs7.detached
  - Signed Ranges: [0 - 9426], [59428 - 60376]
  - Total document signed
  - Signature Validation: Signature is Valid.
  - Certificate Validation: Certificate is Trusted.
[aep@aep-haswell tmp]$ pdfunite 'Untitled 1.pdf' 'Untitled 2.pdf' 'Untitled 12.pdf'
[aep@aep-haswell tmp]$ pdfsig 'Untitled 12.pdf'
Digital Signature Info of: Untitled 12.pdf
Signature #1:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: E=patrakov@gmail.com
  - Signing Time: Jun 18 2018 21:43:41
  - Signing Hash Algorithm: SHA-256
  - Signature Type: adbe.pkcs7.detached
  - Signed Ranges: [0 - 9563], [59565 - 60513]
  - Not total document signed
  - Signature Validation: Digest Mismatch.
Signature #2:
  - Signer Certificate Common Name: (null)
  - Signer full Distinguished Name: E=patrakov@gmail.com
  - Signing Time: Jun 18 2018 21:44:21
  - Signing Hash Algorithm: SHA-256
  - Signature Type: adbe.pkcs7.detached
  - Signed Ranges: [0 - 9426], [59428 - 60376]
  - Not total document signed
  - Signature Validation: Digest Mismatch.
Comment 1 Alexander E. Patrakov 2018-06-18 13:49:54 UTC
Created attachment 140205 [details]
Second document with a signature
Comment 2 GitLab Migration User 2018-08-20 21:47:20 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/poppler/poppler/issues/71.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.