Highlights
- Sign tab: explicit CAdES / PAdES / XAdES radio selector. PAdES is enabled only for
.pdfsources, XAdES only for.xml, CAdES is always available — so you can now sign a PDF as.p7menveloping when you need to. - Verify: reports every signer on multi-signed CAdES and XAdES, and transparently descends into nested re-enveloping (
name-signed-signed.p7m) so each signature in the chain is checked and listed. - New
sigillum extractsubcommand and "Extract content…" GUI button: recover the original document carried inside a.p7m, automatically peeling through nested CMS layers. Pass--shallowfrom the CLI to extract a single layer instead. - Bash and zsh shell completion shipped with the
.deband.rpm; PyPI/source users source the scripts fromcompletion/manually (see README).
Fixes
- CAdES-signing a file already ending in
.p7mno longer produces a double.p7m.p7mextension (suggested output becomes<stem>-signed.p7m). - Passwordless PKCS#12 files are accepted on both Sign and Decrypt (only PKCS#11 tokens still require a PIN; symmetric decryption still requires the key).
Full Changelog: v0.2.1...v0.2.2