How would I validate digital signature for PDFs in linux?
Adobe Reader, which I use on MS Windows, has the ability to validate the digital signature (created with an X.509 certificate) in a PDF file.
I'd like to do such verification on Linux desktops. I've tried Evince and Okular, the most recommended PDF readers, but they can't do that. On the other hand, Adobe Reader is not available for Linux (see https://get.adobe.com/reader/otherversions/). PDF readers that are built-in in current versions of Firefox and Chrome neither can verify the signatures.
I'm fine with using a gui, command line tool or a firefox/chrome extension to do this.
Solution 1:
Poppler (poppler-utils) contains pdfsig
, which verifies the signature against the stored known certificates.
It's not yet super advanced (no export), but a great step ahead.
UPDATE: The original bug number is 16770 and it was pushed into production on 2016-03-01; it was included first in v0.42.
Solution 2:
Libreoffice Draw is able to read PDFs and allows one to verify document's certificate and signature (File -> Digital Signatures -> Digital Signatures…
).
Also, when the PDF has been loaded, there is a warning message if the certificate could not be validated, yet the signature was OK.
I've tested it using 6.0.4.2, but according to crowdfunding page related to PDF signatures in LibreOffice it probably was possible back in 2015, in versions 4.4 or 4.5.