Mikaela/gist
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/gist.git synced 2025-02-11 12:20:53 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mikaela:f68efecb4e91e23c40bb625f64505dfbfea1d3c4
Branches Tags
Mikaela:master
..
compare: Mikaela:7b05abe5ae0d46ecc196dcea83362cf674e0e1f0
Branches Tags
Mikaela:master

No commits in common. "f68efecb4e91e23c40bb625f64505dfbfea1d3c4" and "7b05abe5ae0d46ecc196dcea83362cf674e0e1f0" have entirely different histories.
f68efecb4e ... 7b05abe5ae

1 changed files with 0 additions and 35 deletions
Show Stats Expand all files Collapse all files

35
fineid/README.md
View File

@ -43,41 +43,6 @@ In Settings, Advanced, Security devices load the module from (DVV app) `/usr/lib
`onepin` is a workaround to not ask for PIN2 which is only used for legal agreements, `onepin` is a workaround to not ask for PIN2 which is only used for legal agreements,
email signing also uses PIN1. email signing also uses PIN1.
## Okular
Okular is the KDE document viewer and supports signing PDF files using FINEID!
There are three ways to go, they all begin with *Settings* menu, *Configure backends*
and *PDF*.
Set the certificate database to one of the three:
* `/etc/nssdb` with password that I don't know.
* `~/.pki/nssdb` which password theoretically reads in `~/.digisign/Seed.txt` assuming the official DigiSignApplication is used.
* `~/.mozilla/firefox/<randomString>.<ProfileName>` - when Firefox is used (may require the configuration above), didn't ask me for a password, which may be the main password and directly offers the certificates from FINEID.
Next Apply or OK and restart Okular, open *Tools* menu and select
*Digitally sign...*, draw an area for the signature (which FINEID wants to be big),
select where to save the signed .pdf and enter the signing PIN a few times.
These signed documents can then be verified at [English](https://dvv.fi/en/validate-pdf-document),
[Finnish](https://dvv.fi/tarkasta-pdf-asiakirja) or [Swedish](https://dvv.fi/sv/granska-pdf-dokument)
or other EIDAS/European signing verification capable services or applications.
```txt
✔️ PDF document validated. The following signatures were found:
1 valid signatures with EU qualified certificate issuers and signature keys stored in a qualified signature creation device.
Signature 1/1: [...]
✔️ The electronic signature is valid and has not been modified or forged after signature. Signature level is PKCS7_B (basic).
✔️ The signature is made by a party trusted by DVV.
✔️ The signature is made with an EU qualified certificate.
✔️ The signature key is stored in an EU qualified signature creation device (QSCD).
Signed by: ...
Issuer of certificate and root certificate: VRK Gov. CA for Citizen Certificates - G3 | VRK Gov. Root CA - G2 (Trusted)
Time of signature: ... (Time stamp not validated by a time stamp authority (TSA))
```
## Root certificates ## Root certificates
While I don't think the user necessarily needs them, my notes mention `DVV Gov. Root CA`. While I don't think the user necessarily needs them, my notes mention `DVV Gov. Root CA`.