Digitally sign .ttf releases

Reported by Paul Sladen on 2010-10-06
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Font Family
Wishlist
Unassigned

Bug Description

Signed .ttf files are based on the hash of the whole font minus 'DSIG' table and with a zeroed checksum. The 'DSIG' table is then added and a PKCS#7 signature stored in this table:

  http://www.microsoft.com/typography/otspec140/dsig.htm

The implementation would probably need to be validated against current tools:

  http://www.microsoft.com/typography/developers/dsig/dsig.htm

Paul Sladen (sladen) on 2010-10-06
Changed in ubuntu-font-family:
importance: Undecided → Wishlist
milestone: none → 1.00
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers