(In reply to comment #30) > (In reply to comment #26) > > What's missing in gnutls is a way to parse all the relevant components of > > the > > PKCS#7 object as present in a PDF signature. > > > > It seems that in gnutls they assume those objects can only contain > > certificates > > and CRLs as you can confirm if you go through the functions that take > > gnutls_pkcs7_t as argument. > > > > With openssl you can get the certificates, signature, and the digest of the > > signed content (these are the essential parts for detached signatures as > > used > > in PDF) as well as any optional timestamps or CRLs. > > Would it be a lot of work to add support for that to gnutls?
Replying to myself: <KaL> I wonder if it could be useful for glib-networking to implement the missing things in gnutls, or if we don't need that at all <danw> reading... <danw> chpe, KaL_out: both gnutls and glib-networking intentionally only do TLS, not crypto in general, so I don't think it makes sense to add the extra PKCS#7 functionality to either of them <danw> NSS would be better than OpenSSL, and once all the p11-kit / NSS-shared-DB stuff gets figured out fully, then NSS-based apps will be able to access your gnome-keyring certificates via PKCS#11 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/740506 Title: verify digital signatures To manage notifications about this bug go to: https://bugs.launchpad.net/poppler/+bug/740506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
