Abort validation if signature verification fails #90
Open
Labels: bug (Something isn't working)
Description
Please do not disclose security vulnerabilities as issues. See our security policy for responsible disclosures.
Describe the bug
Signature verification is one step in the validation. Unfortunately, some actions are still done upon the SEI even if the SEI is not known to be correct. For example, an exported file usually fails the first validation since it does not belong to the file. This first validation is therefore ignored and signals SIGNATURE_PRESENT instead, since we know it is signed (there is a SEI). If the public key or other critical data has been changed, the signature verification fails. Then NOT_OK should be signaled instead.
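The ordering the issue asks for, as an added sketch that is not the project's code: the signature result gates every later step, so a SEI that fails verification yields NOT_OK and leaves validator state untouched, while the first-validation leniency applies only to a verified SEI. All `ex_` names, the struct fields and the `EX_OK` value are assumptions; only SIGNATURE_PRESENT and NOT_OK come from the issue text.

```c
#include <stdbool.h>

/* Hypothetical status values; only the NOT_OK and SIGNATURE_PRESENT names
 * appear in the issue. */
typedef enum { EX_OK, EX_NOT_OK, EX_SIGNATURE_PRESENT } ex_status_t;

/* Constructed stand-in for a parsed SEI. */
typedef struct {
  bool signature_ok;  /* outcome of the cryptographic check, computed elsewhere */
  bool hashes_match;  /* hashes in the SEI equal the hashes of received frames */
  unsigned counter;   /* example of data carried inside the SEI */
} ex_sei_t;

/* Validator state that is derived from SEI content. */
typedef struct {
  bool first_validation_done;
  unsigned last_counter;
} ex_validator_t;

ex_status_t ex_validate(ex_validator_t *v, const ex_sei_t *sei)
{
  /* Gate on the signature first: an unverified SEI is untrusted input,
   * so abort before reading or storing anything from it. */
  if (!sei->signature_ok) return EX_NOT_OK;

  /* Only a verified SEI may update state. */
  bool first = !v->first_validation_done;
  v->first_validation_done = true;
  v->last_counter = sei->counter;

  if (sei->hashes_match) return EX_OK;

  /* A verified SEI with mismatching hashes is expected once, on the first
   * validation of an exported file; later mismatches are real failures. */
  return first ? EX_SIGNATURE_PRESENT : EX_NOT_OK;
}

int main(void)
{
  ex_validator_t v = {0};
  ex_sei_t tampered = { false, false, 99 };  /* constructed sample */
  return ex_validate(&v, &tampered) == EX_NOT_OK ? 0 : 1;
}
```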