[pkg-gnupg-maint] Bug#1105820: Poppler PGP signatures on PDF files produce non-standard OpenPGP packets [was: Re: Bug#1105820: Gnupg-in-debian considers comment packets invalid]
Sune Stolborg Vuorela
sune at debian.org
Wed May 21 09:32:29 BST 2025
On Tuesday, May 20, 2025 10:23:03 PM CEST you wrote:
> What i'm hearing from this is that poppler wants interoperability with
> other GnuPG installations, but not with other OpenPGP installations.
>
> Is that correct? That doesn't seem like a great strategy for Poppler,
> or for the PDF ecosystem. Why not produce standard padding packets?
Upstream released GnuPG is the reference implementation for the pdf bits in
the g10c namespace, and given it can't be done in a good way within rfc-4880,
a GnuPG extension that has existed since 1998 was used.
> afaict, GnuPG upstream also implicitly supports the practice of ignoring
> standard padding packets during detached signature verification:
Unfortunately you seem to be wrong here.
I have added a autotest to poppler that signs with a
g10c.pgp.signature.detached and read back the signature on a document and that
fails with you submitted merge request. I have also tried it manually and got
the same results.
/Sune
--
I didn’t stop pretending when I became an adult, it’s just that when I was a
kid I was pretending that I fit into the rules and structures of this world.
And now that I’m an adult, I pretend that those rules and structures exist.
- zefrank
More information about the pkg-gnupg-maint
mailing list