mirror of
https://gitea.blesmrt.net/mikaela/gist.git
synced 2025-01-10 20:32:35 +01:00
Compare commits
2 Commits
7b05abe5ae
...
f68efecb4e
| Author | SHA1 | Date | |
|---|---|---|---|
f68efecb4e
|
|||
|
bae2fe0c0e
|
@ -43,6 +43,41 @@ In Settings, Advanced, Security devices load the module from (DVV app) `/usr/lib
|
|||||||
`onepin` is a workaround to not ask for PIN2 which is only used for legal agreements,
|
`onepin` is a workaround to not ask for PIN2 which is only used for legal agreements,
|
||||||
email signing also uses PIN1.
|
email signing also uses PIN1.
|
||||||
|
|
||||||
|
## Okular
|
||||||
|
|
||||||
|
Okular is the KDE document viewer and supports signing PDF files using FINEID!
|
||||||
|
|
||||||
|
There are three ways to go, they all begin with *Settings* menu, *Configure backends*
|
||||||
|
and *PDF*.
|
||||||
|
|
||||||
|
Set the certificate database to one of the three:
|
||||||
|
|
||||||
|
* `/etc/nssdb` with password that I don't know.
|
||||||
|
* `~/.pki/nssdb` which password theoretically reads in `~/.digisign/Seed.txt` assuming the official DigiSignApplication is used.
|
||||||
|
* `~/.mozilla/firefox/<randomString>.<ProfileName>` - when Firefox is used (may require the configuration above), didn't ask me for a password, which may be the main password and directly offers the certificates from FINEID.
|
||||||
|
|
||||||
|
Next Apply or OK and restart Okular, open *Tools* menu and select
|
||||||
|
*Digitally sign...*, draw an area for the signature (which FINEID wants to be big),
|
||||||
|
select where to save the signed .pdf and enter the signing PIN a few times.
|
||||||
|
|
||||||
|
These signed documents can then be verified at [English](https://dvv.fi/en/validate-pdf-document),
|
||||||
|
[Finnish](https://dvv.fi/tarkasta-pdf-asiakirja) or [Swedish](https://dvv.fi/sv/granska-pdf-dokument)
|
||||||
|
or other EIDAS/European signing verification capable services or applications.
|
||||||
|
|
||||||
|
```txt
|
||||||
|
✔️ PDF document validated. The following signatures were found:
|
||||||
|
1 valid signatures with EU qualified certificate issuers and signature keys stored in a qualified signature creation device.
|
||||||
|
|
||||||
|
Signature 1/1: [...]
|
||||||
|
✔️ The electronic signature is valid and has not been modified or forged after signature. Signature level is PKCS7_B (basic).
|
||||||
|
✔️ The signature is made by a party trusted by DVV.
|
||||||
|
✔️ The signature is made with an EU qualified certificate.
|
||||||
|
✔️ The signature key is stored in an EU qualified signature creation device (QSCD).
|
||||||
|
Signed by: ...
|
||||||
|
Issuer of certificate and root certificate: VRK Gov. CA for Citizen Certificates - G3 | VRK Gov. Root CA - G2 (Trusted)
|
||||||
|
Time of signature: ... (Time stamp not validated by a time stamp authority (TSA))
|
||||||
|
```
|
||||||
|
|
||||||
## Root certificates
|
## Root certificates
|
||||||
|
|
||||||
While I don't think the user necessarily needs them, my notes mention `DVV Gov. Root CA`.
|
While I don't think the user necessarily needs them, my notes mention `DVV Gov. Root CA`.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user