Compare commits

2 Commits

@ -43,6 +43,41 @@ In Settings, Advanced, Security devices load the module from (DVV app) `/usr/lib
`onepin` is a workaround to not ask for PIN2 which is only used for legal agreements,
email signing also uses PIN1.
## Okular
Okular is the KDE document viewer and supports signing PDF files using FINEID!
There are three ways to go, they all begin with *Settings* menu, *Configure backends*
and *PDF*.
Set the certificate database to one of the three:
* `/etc/nssdb` with password that I don't know.
* `~/.pki/nssdb` which password theoretically reads in `~/.digisign/Seed.txt` assuming the official DigiSignApplication is used.
* `~/.mozilla/firefox/<randomString>.<ProfileName>` - when Firefox is used (may require the configuration above), didn't ask me for a password, which may be the main password and directly offers the certificates from FINEID.
Next Apply or OK and restart Okular, open *Tools* menu and select
*Digitally sign...*, draw an area for the signature (which FINEID wants to be big),
select where to save the signed .pdf and enter the signing PIN a few times.
These signed documents can then be verified at [English](https://dvv.fi/en/validate-pdf-document),
[Finnish](https://dvv.fi/tarkasta-pdf-asiakirja) or [Swedish](https://dvv.fi/sv/granska-pdf-dokument)
or other EIDAS/European signing verification capable services or applications.
```txt
✔️ PDF document validated. The following signatures were found:
1 valid signatures with EU qualified certificate issuers and signature keys stored in a qualified signature creation device.
Signature 1/1: [...]
✔️ The electronic signature is valid and has not been modified or forged after signature. Signature level is PKCS7_B (basic).
✔️ The signature is made by a party trusted by DVV.
✔️ The signature is made with an EU qualified certificate.
✔️ The signature key is stored in an EU qualified signature creation device (QSCD).
Signed by: ...
Issuer of certificate and root certificate: VRK Gov. CA for Citizen Certificates - G3 | VRK Gov. Root CA - G2 (Trusted)
Time of signature: ... (Time stamp not validated by a time stamp authority (TSA))
```
## Root certificates
While I don't think the user necessarily needs them, my notes mention `DVV Gov. Root CA`.
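Review bot: In the Okular section's list of certificate databases, two of the three options cannot be followed as written: `/etc/nssdb` is listed "with password that I don't know", and the `~/.pki/nssdb` password is only "theoretically" in `~/.digisign/Seed.txt`. Please mark which option was actually tested end to end (the Firefox profile bullet reads as the only one), and either drop the untested ones or label them as unverified. In the Firefox bullet, "didn't ask me for a password, which may be the main password" is ambiguous; say plainly that no prompt appeared, and that a prompt would be for the Firefox main password, if that is what is meant. The sample validation output ends with "Time stamp not validated by a time stamp authority (TSA)" at level PKCS7_B, so a sentence noting that the signing time shown is not TSA-backed would help readers interpret the result. Finally, the Root certificates section names `DVV Gov. Root CA` while the sample output shows `VRK Gov. Root CA - G2`; state which one is meant or how the two relate.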