How would I validate digital signature for PDFs in linux?

18

5

Adobe Reader, which I use on MS Windows, has the ability to validate the digital signature (created with an X.509 certificate) in a PDF file.

I'd like to do such verification on Linux desktops. I've tried Evince and Okular, the most recommended PDF readers, but they can't do that. On the other hand, Adobe Reader is not available for Linux (see https://get.adobe.com/reader/otherversions/). PDF readers that are built-in in current versions of Firefox and Chrome neither can verify the signatures.

I'm fine with using a gui, command line tool or a firefox/chrome extension to do this.

rpr

Posted 2015-09-22T10:55:47.187

Reputation: 266

Take a look: http://askubuntu.com/questions/226257/how-can-i-validate-a-pdfs-digital-signature-with-evince

– duDE – 2015-09-22T11:15:17.227

3

I've found out that recently there has been some development in poppler, the PDF lib used by Envice and Okular, - see Bug 16770 - support for digital signatures.

– rpr – 2015-09-23T10:34:32.140

Answers

13

Poppler (poppler-utils) contains pdfsig, which verifies the signature against the stored known certificates.

It's not yet super advanced (no export), but a great step ahead.

UPDATE: The original bug number is 16770 and it was pushed into production on 2016-03-01; it was included first in v0.42.

grin

Posted 2015-09-22T10:55:47.187

Reputation: 301

It would be great if you can [edit] this answer to tell us which version (even approximately) introduced this. – a CVn – 2017-01-04T08:48:30.770

Is this imported in Okular or Eviance? – Hrvoje T – 2017-03-21T06:58:33.740

Not available in the poppler-utils included with Ubuntu 16.04 – s1d – 2019-01-16T09:03:43.870

@s1d: it was first in Bionic Beaver, whatever that means in Ubuntuland. I guess 16.04 is old. – grin – 2019-01-17T19:19:49.380

12

Libreoffice Draw is able to read PDFs and allows one to verify document's certificate and signature (File -> Digital Signatures -> Digital Signatures…).

Also, when the PDF has been loaded, there is a warning message if the certificate could not be validated, yet the signature was OK.

I've tested it using 6.0.4.2, but according to crowdfunding page related to PDF signatures in LibreOffice it probably was possible back in 2015, in versions 4.4 or 4.5.

bjauy

Posted 2015-09-22T10:55:47.187

Reputation: 276

Not working for me, says not able to open encrypted document even after supplying the password. v5.1 on Ubuntu 16.04 – s1d – 2019-01-16T08:46:33.123

@s1d was that encrypted document signed as well? – bjauy – 2019-01-18T15:36:11.747

Yes, same eAadhar document being talked about in other threads on this page. – s1d – 2019-01-19T07:06:47.137

0

Try our software PDF Studio Viewer, a PDF Reader for Linux that supports rendering and validating digital signatures. I am a developer for this software.

Disclosure: I am a developer at Qoppa

Leila Holmann

Posted 2015-09-22T10:55:47.187

Reputation: 11

I tried it, it is actually very simple to check whether a pdf is signed or not. I don't know why this was downvoted. – Narcolessico – 2017-12-03T09:53:45.810

I tried this. Got "Signature not validated" message at the bottom of the document. When I click on the question mark hovering that message, I get a "Signature validity is UNKNOWN" pop-up. When I further click on "Details" button, I get certificate details and a button "Trust Certificate" which I click on. I then restart the PDF Studio Viewer and re-open the file, and I still get the same "Signature not validated" message with the question mark, and still "Signature validity is UNKNOWN" when I click on the mark. However, once I click on "Details", it tells me that the certificate is trusted. :S – Jānis Elmeris – 2018-08-10T10:56:14.820

0

The following steps show how to download the Aadhaar Card and convert it to a nice PDF:

  1. Goto https://eaadhaar.uidai.gov.in/eaadhaar/ and fill this ugly looking form.
  2. Enter the code from the SMS to download and save the file. I assume you saved it as “aadhaar-unverified.pdf”.
  3. Install acrobat reader and javascript plugins from the deb-multimedia.org repository: apt-get install acroread acroread-plugins acroread-escript
  4. Open the file with acroread, the password is the ZIP of the city.
  5. Click on the question mark, a window with title “Signature Validation Status” opens.
  6. Click “Signature Properties” to open the window with the same title.
  7. Click “Show Certificate” to open the certificate window. Choose the “Trust” tab.
  8. Click “Add to Trusted Identities”.
  9. Click “OK” to close the certificate window.
  10. Click “Validate Signature”.
  11. Click “Close” to close the Signature Properties window.
  12. Print the page into the file “aadhaar-verified.ps”.
  13. Convert the postscript file to pdf. The following command is one line. The “sed” removes a stupid “copy protection” from the postscript file and ps2pdf then creates the PDF file. sed "/mark currentfile eexec/,/cleartomark/ d" aadhaar-verified.ps | ps2pdf - aadhaar-verified.pdf
  14. Now print the copy of your E-Aadhaar Card on paper and make backups of your PDF file.

Now you have a nice verified PDF which you can print without any problems. Wasn’t that simple, eh?

Mohit Nigam

Posted 2015-09-22T10:55:47.187

Reputation: 1

Can you please elaborate step no.3 ? – Yuvraj Patil – 2018-02-05T16:42:12.583

I so much don't understand what is this all about that I can't even downvote. – akostadinov – 2019-08-23T15:40:56.297

I am glad these morons specifically designed the aadhar verification process to irritate linux users.I wonder how the code on backend would be. – Naveen – 2019-11-27T09:12:56.553

Asked: 2015-09-22T10:55:47.187

Viewed: 18 065 times

Active: 2018-06-12T10:51:39.513