Bugzilla – Bug 1215890
okular does not find any certificate for digital signing
Last modified: 2023-10-16 10:53:31 UTC
We can't digital sign with OKULAR. We can digital sign mails with kmail or a document with LibreOffice. Kleopatra, Kmail, LibreOffice find my certificates, not Okular. According to what I understand from this report https://bugs.kde.org/show_bug.cgi?id=469705 We need: - okular default certificate folder is ~.gnupg - gpg 2.4.1 or later - poppler built with gpgme support. Thanks Operating System: openSUSE Tumbleweed 20230929 KDE Plasma Version: 5.27.8 KDE Frameworks Version: 5.110.0 Qt Version: 5.15.10 KDE Gears 23.08.1
Unless https://bugzilla.opensuse.org/1211444 / https://bugzilla.opensuse.org/1211456 get addressed, factory can't have gpg 2.4.1 and okular can't have signing support.
gpg2 2.4.3 is now available in Tumbleweed. There's nothing else to do for this report. Also see https://bugzilla.opensuse.org/show_bug.cgi?id=1215632 which was fixed last month.
Created attachment 870141 [details] no certificate The problem is not fixed. Okular does not find any gpg certificate.
i forgot to reopen the report
Just tested with a x509 certificate, it appears in the backends dialog and signing works as expected.
Did you see the capture? It's about GPG certificates, not NSS. Okular does not find the GPG certificates in ~/gnupg folder in the contrary of kmail, LibreOffice, kleopatra.
Created attachment 870212 [details] Signing dialog
Don't reopen unless you tried creating a x509 certificate to sign a pdf. There's no issue left, now that gpg has the correct version.
The dialog and the feature is not about signing with a gpg key, it needs an actual certificate to sign PDF files.
From the very beginning, see the description, I speak about gpg certificates found and used by kmail, libreOffice, Kleopatra for digital signing, not the x509 certificates. I am happy that now we can digital sign with a x509 certificate, but this is not the problem defined in "description".
(In reply to Episteme PROMENEUR from comment #10) > From the very beginning, see the description, I speak about gpg certificates > found and used by kmail, libreOffice, Kleopatra for digital signing, not the > x509 certificates. > > I am happy that now we can digital sign with a x509 certificate, but this is > not the problem defined in "description". the x509 certificate was created using `gpgsm --gen-key > test.pem` then imported to gpg. What kind of gpg certificate do you have in mind? how can they be generated?
Created attachment 870222 [details] signing with LibreOffice see the capture. you see the certificates used by LibreOffice or kmail and managed by kleopatra
(In reply to Episteme PROMENEUR from comment #12) > Created attachment 870222 [details] > signing with LibreOffice > > see the capture. > > you see the certificates used by LibreOffice or kmail and managed by > kleopatra This type of signature is not supported by the pdf standard, okular doesn't support it.
OK thanks At least openSUSE okular get some improvements