mozilla / pdf.js

PDF Reader in JavaScript
https://mozilla.github.io/pdf.js/
Apache License 2.0

Implement digital signature validation #13351

Open timvandermeij opened 3 years ago

timvandermeij commented 3 years ago

(Previously tracked in #1076.)

PDF.js now displays digital signatures, but doesn't validate them, which is comparable to what other PDF viewers do. However, it would be good if we can also implement validation for them, so this is a tracking issue for that.

calixteman commented 3 years ago

It's pretty easy to implement (regarding existing js libraries) BUT the main concern is about having something the user can trust because here everything is a matter of trust. So if we rely on a third party js lib, it means that we must control everything happening in this lib to avoid a bug or injection of bad code or whatever: it's time consuming (any change in the lib could have an impact in every other place), it requires particular skills (crypto + js skills), so it's likely a bad solution. For this reason, we think that a good solution (at least for the built-in pdf viewer) is to rely on NSS (https://hg.mozilla.org/projects/nss), expose what is needed (from the crypto's side) to javascript and let the experts (crypto team, cc @beurdouche, @mozkeeler) decide what's the best way to implement that stuff.

mozkeeler commented 3 years ago

Does this need to be in NSS? Does pdf.js have access to the gecko runtime?

CetinSert commented 3 years ago

Does window.crypto.subtle not expose the required primitives to do this without 3rd-party dependencies?

(I think/support that non-browser environments are not an official target for the project but for anyone concerned about support in Node, see https://nodejs.org/api/webcrypto.html#webcrypto_class_subtlecrypto .)

rmhrisk commented 3 years ago

@cetinsert the complication isn't crypto, it is support for certificate decoding, trust stores, path validation, timestamping, CMS, etc., so, unfortunately, webcrypto isn't enough. Made https://pkijs.org/ to provide these things on top of WebCrypto but in Mozilla land, NSS would be a natural choice as it has many, but not all of these things.

There is the question of trust store contents, this gets more complicated, the Mozilla Trust Store does have an S/MIME policy but nothing for document signing. It also lacks the necessary timestamping and numerous attributes one needs when doing a full implementation so there is still a non-trivial amount of work to do with this approach.
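
To illustrate the split described in the comment above, here is an added example (not code from PDF.js, PKI.js or any commenter). It does the part of PDF signature checking that needs only a hash: locating `/ByteRange`, checking that it covers the whole file except the `/Contents` hex string, and digesting the covered bytes. The sample document is constructed, SHA-256 is an assumption (the real algorithm is named inside the CMS blob), only the first `/ByteRange` is read, and `makeSample` and `signedRanges` are hypothetical names. Everything listed in the comment (CMS parsing, path validation, trust store, timestamps) starts where this stops.

```javascript
const { createHash } = require("crypto");

// Constructed sample shaped like a signed PDF; the 16 bytes of 0x30 stand in for the CMS blob.
function makeSample(extraTail = "") {
  const hex = "<" + "30".repeat(16) + ">";
  const suffix = " >>\nendobj\n%%EOF\n";
  const pad = (n) => String(n).padStart(6, "0"); // fixed width keeps offsets stable
  const pre = (b, c, d) =>
    `%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 ${b} ${c} ${d}] /Contents `;
  const b = pre(pad(0), pad(0), pad(0)).length;
  const c = b + hex.length;
  const body = pre(pad(b), pad(c), pad(suffix.length)) + hex + suffix + extraTail;
  return Buffer.from(body, "latin1");
}

// Returns the declared ranges, structural problems, the digest over the
// covered bytes, and the raw bytes that a CMS parser would take over from here.
function signedRanges(pdf) {
  const text = pdf.toString("latin1");
  const m = /\/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]/.exec(text);
  if (!m) throw new Error("no /ByteRange found");
  const [a, b, c, d] = m.slice(1).map(Number);

  const problems = [];
  if (a !== 0) problems.push("first range does not start at offset 0");
  if (c < a + b) problems.push("ranges overlap");
  if (c + d !== pdf.length) problems.push("bytes after the signed ranges are not covered");
  const gap = text.slice(a + b, c);
  if (!/^<[0-9A-Fa-f\s]*>$/.test(gap)) problems.push("gap is not exactly one hex string");

  const digest = createHash("sha256")
    .update(pdf.subarray(a, a + b))
    .update(pdf.subarray(c, c + d))
    .digest("hex");
  const cms = Buffer.from(gap.replace(/[<>\s]/g, ""), "hex");
  return { ranges: [a, b, c, d], problems, digest, cms };
}

const clean = signedRanges(makeSample());
const appended = signedRanges(makeSample("9 0 obj\n(added later)\nendobj\n"));
console.log(clean.problems, appended.problems, clean.digest === appended.digest);
```

The two samples produce the same digest even though the second has extra bytes at the end, which is why the coverage check has to be reported separately from whatever the signature itself says.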

earthchie commented 3 years ago

For anyone who's looking for a temporary solution while waiting for official support from this project. This repo might help you: https://github.com/rootca-id/pkiwebsdk/blob/master/src/pdf.js

mozkeeler commented 3 years ago

> Does this need to be in NSS? Does pdf.js have access to the gecko runtime?

@calixteman just making sure you saw this ^

calixteman commented 3 years ago

@mozkeeler, thanks for reminding me. I'm not a crypto expert at all, but in poppler they're using some NSS stuff to implement part of signature validation so I guess we would need it too. And yes, we have access to the gecko runtime, for example: https://searchfox.org/mozilla-central/source/toolkit/components/pdfjs/content/PdfStreamConverter.jsm#268

ghost commented 3 years ago

Any estimate on when this will be available in a stable release?

marco-c commented 3 years ago

@andrewyu7575 there are no short-term plans to implement digital signature validation, but we'd be happy to accept a contribution.

KentuckyMC commented 2 years ago

Just bumped into this. Is there any 'simple' way to just display a 'warning' onscreen that the shown signatures are not validated? Now there is only a console.warn, but maybe just show something inside the pdf.js as overlay or something, to warn users that the signatures shown are not displayed? Any idea where I can put something like this in the code?

lexcorp commented 1 year ago

Let's wait ten years until they implement this, as happened with #1076.

lexcorp commented 1 year ago

Why don't you use https://pkijs.org/ to implement signature validation as @rmhrisk suggests?

https://github.com/PeculiarVentures/PKI.js

lexcorp commented 9 months ago

Hello, what is required for this to move forward?

What would the roadmap be?

Could you list the requirements to know how we can contribute?

marco-c commented 8 months ago

@lexcorp the path to fix this is what Calixte said in https://github.com/mozilla/pdf.js/issues/13351#issuecomment-835793103.

We need to write code to validate signatures using NSS, then expose the required functions to pdf.js.

beurdouche commented 8 months ago

We might be able to rely on part of the TLS certificate chain verification functions we already ship in Gecko/PSM, but that's not enough, we need a root CA store specific to "document signing" (which isn't a well defined notion at this point...).

I am restarting the internal discussion by email.

lexcorp commented 4 months ago

@beurdouche If you need a CA for testing, you can use Dogtag Certificate System:

https://github.com/dogtagpki/pki

https://people.redhat.com/tscherf/articles/lm_en_dogtag.pdf
