| <<<Back 1 day (to 2020/07/01) | Fwd 1 day (to 2020/07/03)>>> | 20200702 |
paulgardiner | What flags to clean for the likely most human-readable result? I'm trying -dzDca at the moment. | 11:49.26 |
sebras | paulgardiner: that seems sensible to me, is there some object that comes out non-readable? | 11:54.57 |
paulgardiner | Most of the document still seems to be non-readable. | 11:59.34 |
| It's a document I've eSigned. Was expecting to see an Ink annotation, but I'm not seeing much I understand and there are references to ADBE_FillSign and FillSignData. | 12:01.05 |
| Lots of ASCIIHexDecode/FlateDecode streams. I'm sure I'm doing something daft. | 12:01.58 |
sebras | -z deflates uncompressed streams | 12:04.04 |
| -a uses ascii hex encoding for binary streams | 12:04.12 |
| I would expect the latter to do ascii hex for images. | 12:04.27 |
| try without those two. | 12:04.42 |
| paulgardiner: ^^ | 12:04.45 |
kens | I normally only use -d for decompressing a PDF file to look at | 12:06.40 |
paulgardiner | Yeah, I think that's what I have used in the past | 12:07.49 |
sebras | kens: paulgardiner: -c does content stream cleaning, might be useful some times? -D saves without encryption which sounds useful in this situation too. | 12:09.04 |
paulgardiner | Actually -d does give better results. I thought I tried that first and then added more flags when it was less readable than I was expecting | 12:09.24 |
kens | Yes, I've not normally been trying on encrypted files | 12:09.29 |
| I do sometimes us -g to discard unused content | 12:09.51 |
| But mostly just -d | 12:09.59 |
paulgardiner | Ah, maybe it is that -d alone lays the result out more pleasingly than -dzDca | 12:11.12 |
| There are signs now that eSigs are held as images rather than Ink annotations. ADBE_FillSign references continue to be a mystery. | 12:13.46 |
kens | This is a PDF you signed with Acrobat or soemthing ? | 12:14.23 |
paulgardiner | Yes. Not the usual digital signature, but the electronic form of a penned signature | 12:15.59 |
kens | Do you want me to poke at it ? | 12:16.10 |
| If so stick the original and signed PDFs somewhere and I'll take a quick peek | 12:16.24 |
paulgardiner | Great. Thanks | 12:16.41 |
| I uploaded them to /home/paulg/esigdocs on Casper. | 12:20.38 |
kens | OK give me a minute | 12:20.46 |
paulgardiner | Yeah sure. No hurry at all. | 12:21.20 |
avih | what's "Casper", other than the ghost? | 12:24.44 |
kens | One of our server names | 12:25.07 |
avih | oh, i thought paulgardiner was a user. | 12:26.58 |
kens | :-) | 12:27.11 |
| He hasn't asked to have admin privileges here, he could have them if he wanted. Actually I'm not sure why I do.... | 12:27.32 |
avih | i actually never look at the irc admins. many times it doesn't mean much, /methinks | 12:28.13 |
kens | Ah well teh client I'm using lists them first, adn with a green blob, so they stand out | 12:28.36 |
avih | sure, same here, but i don't look at the names list | 12:28.54 |
kens | paulgardiner: So the original file has a single content stream which uses a single form, that form uses a single image (presumably the logo) | 12:29.31 |
| The signed file is way more complicated | 12:29.37 |
avih | kens: why would you look at the users list at an irc channel? | 12:29.43 |
kens | Generally I don't | 12:29.54 |
avih | yeah.. | 12:29.59 |
kens | But when you mentioned paul was just a user I looked to see and he's not marked as an admin | 12:30.08 |
avih | right | 12:30.15 |
kens | paulgardiner: the signed file has had teh single content stream of the original broken up into multiple smaller ones | 12:30.48 |
| The signature has been added as marked content (/ADBE_FillSign BMC ..... EMC) | 12:31.23 |
paulgardiner | Interesting | 12:31.30 |
kens | And uses a Form XObject called Fm1 | 12:31.36 |
| Looks like the original form and image remain essentially untouched. | 12:32.15 |
| Now Fm1 (the marked coentent | 12:32.23 |
sebras | kens: the form xobject is wrapped a few times. :) | 12:32.48 |
kens | Which one sebras ? | 12:33.04 |
sebras | kens: object 29 | 12:33.18 |
kens | I see object 29 (Fm1) calls object 28 | 12:33.24 |
sebras | yes, exactly. | 12:33.32 |
kens | and does nothing else which is pretty pointless | 12:33.34 |
| But.... | 12:33.42 |
sebras | ^^ :) | 12:33.42 |
kens | Object 29 has a dictionary with the key /ADBE_FillSign | 12:33.58 |
| which has some possibly interesting fields | 12:34.09 |
| Object 28 *also* Has a dictioanry with the key /ADBE_FillSign, with totally different key/cvalue pairs | 12:34.36 |
sebras | kens: is ADBE_FillSign something from a spec? | 12:34.46 |
kens | These appear to be Adobe-specific extensions, judging by the ADBE_ prefix | 12:35.04 |
sebras | using google to look for ADBE_FillSign turned up surprisingly few hits. | 12:35.30 |
kens | I didn't try | 12:35.39 |
| It looks to me like its an Adobe-proprietary thing | 12:35.49 |
paulgardiner | Yep. I had little luck with google. | 12:35.50 |
kens | One of the keys in teh ADBE_FillSign in object 28 is /Subtype /signature | 12:36.16 |
| paulgardiner: what's your aim here ? | 12:36.23 |
sebras | I wonder what makes this fillsign thingy different from just a plain xobject. | 12:36.42 |
| plain form xobject. | 12:36.46 |
kens | Nothing, except the adobe extensions | 12:36.55 |
| Presumably that allows Acrobat to deal with them 'specially' in some way | 12:37.07 |
sebras | I assume so too, but I wonder what these flags do. | 12:37.54 |
paulgardiner | It would be a useful feature of a signature if somehow they are making the moving of it from one document to another detectable. | 12:38.24 |
kens | Well FieldColor seems pretty sel-explanatory | 12:38.32 |
| paulgardiner: I don't think you could detect that from what's here | 12:38.48 |
| *can* you move it to another document in Acrobat ? | 12:39.09 |
paulgardiner | Yeah. It seemed unlikely | 12:39.10 |
sebras | kens: perhaps by /AssetID? | 12:39.12 |
kens | I don't think so | 12:39.23 |
| But that's one of the two things I don't know what they do | 12:39.52 |
sebras | kens: searching online turned up: /ADBE_FillSign<</AutoWidth true/Size[11.0789 14.3208]/Subtype/text/Text 3181/Type/FillSignData>> so perhaps there are more fields that aren't used in this case. | 12:40.18 |
kens | But since tehre's nothing like a SHA or MD5 in the dictionary, I can't see any way to tie it to the document | 12:40.29 |
| sebras that would not surprise me at all | 12:40.43 |
paulgardiner | The test would be can someone other than me move that signature to another document. | 12:40.57 |
kens | This feels like its an Adobe addition that never made it into the spec. Essentially a diferent kind of Annotation | 12:41.05 |
| paulgardiner: how do ytou move it to another document ? | 12:41.56 |
| Oh I can copy and paste it | 12:42.19 |
paulgardiner | I don't actually know. I was just saying that would be the test. | 12:42.20 |
kens | Let me save that modified doc | 12:42.34 |
sebras | paulgardiner: search for /ADBE_FillSign here to find even more Subtypes (excludedFields, initials, page)... https://marc.info/?l=kde-promo&m=155146480506721&w=2 | 12:42.44 |
paulgardiner | What is that? | 12:43.59 |
sebras | paulgardiner: eh, I meant to send that to kens. :) | 12:44.51 |
kens | I guess it cotnains the stuff that is needed to recreate teh signature in Acrobat | 12:45.30 |
sebras | paulgardiner: I'm trying to find more examples of this ADBE_FillSign. I think kens is right in saying this appears to be a different kind of annotation. | 12:45.33 |
kens | I've no idea what most of those would be | 12:45.36 |
paulgardiner | I should probably point out that I was perhaps a little foolish in using a file that has what is not a bad likeness of my actual signature :-) | 12:47.15 |
kens | Not hte best plan :-) | 12:47.32 |
| OK so I can copy it to another PDF file, but Acrobat (my version anyway, X) doesn't embed it the same way | 12:47.49 |
| Its no longer a Form XObject apparently | 12:48.01 |
| But its definitely there, I can put the file on casper if you want to look at it | 12:48.13 |
| So my feeling is that that kind of signature is not a security thing | 12:48.46 |
| It coudl as easily be a stamp annotation | 12:48.53 |
paulgardiner | No worries to see it. I think that confirms it has no unexpected true security | 12:49.30 |
kens | OK I'll leave it with you then :-) | 12:49.55 |
| Back to the misery of garbage collection :-( | 12:49.55 |
paulgardiner | Thanks for taking a look. | 12:50.07 |
kens | No worries, I can read PDF files pretty easily.... | 12:50.18 |
paulgardiner | yeah, I've noticed. :-) | 12:50.31 |
| Probably best delete the copies if you don't mind. | 12:50.49 |
kens | Yes will do that now | 12:51.00 |
paulgardiner | If we want to do further analysis, I'll prepare something with less specific scribble. | 12:51.21 |
kens | Mickey Mouse is a good signature | 12:51.45 |
sebras | kens: FillSign just shows how bad the infra structure is for cryptographically secure digital signatures. :-/ | 13:00.38 |
kens | sebras do you think so ? It doesn't seem to have much to do with cyptographics signatures as far as I can see | 13:01.11 |
| That seems to be a separate thing | 13:01.17 |
| Though I'm not well up on that because its not really relevant to Ghostscript | 13:01.31 |
| I should have thought to try rendering Paul's file with GS before I deleted it. Oh well... | 13:02.07 |
sebras | kens: I haven't deleted the file yet. gs draws the signature there too. | 13:02.47 |
kens | I thought it probably would, its not a hard thing | 13:03.08 |
| but thanks for trying | 13:03.11 |
sebras | I'll try Adobe Fill & Sign for android and see if it creates similar "signatures". | 13:05.44 |
dk657 | how can i build for wayland support | 16:47.36 |
| i tried HAVE_X11=no HAVE_GLUT=yes | 16:48.09 |
sebras | dk657: I don't think the default mupdf viewer provides any wayland support. | 16:48.55 |
dk657 | sebras: well that makes more sense now :P | 16:49.28 |
| i saw some gentoo back-and-forth about compiling mupdf for wayland builds | 16:49.53 |
sebras | dk657: I normally use mupdf-x11 myself, but ator uses mupdf-gl which is based on freegluit. | 16:50.54 |
| perhaps that has some wayland bindings? I'm quite unfamiliar with freeglut though. | 16:51.19 |
dk657 | sebras: mupdf-gl gets built with HAVE_X11=no HAVE_GLUT=yes | 16:51.56 |
| but... nothing happens when i try to open a pdf :) | 16:52.05 |
sebras | dk657: ok, that doesn't sound good of course. :) | 16:53.08 |
| dk657: I don't run wayland myself so I can't reproduce this in a hurry. | 16:53.22 |
dk657 | no problem | 16:54.14 |
sebras | dk657: we have a wishlist bug for wayland integration it seems: https://bugs.ghostscript.com/show_bug.cgi?id=702334 | 16:55.32 |
dk657 | i was curious if it wants an environment variable set or something. e.g. firefox needs to see MOZ_ENABLE_WAYLAND=1 | 16:55.44 |
| ah great | 16:55.55 |
| thank you | 16:55.57 |
| <<<Back 1 day (to 2020/07/01) | Forward 1 day (to 2020/07/03)>>> | |