Hi Dave > On 09/28/2021 11:35 PM Dave Fisher <w...@apache.org> wrote:
> I think that AOO42X and Trunk need to improve in three ways. > > (1) We need to make sure that we hook to the systems native key store and/or > a Mozilla keystone. > Setup may need to be improved. > (2) We need to allow a PGP and EU card key to be selected and converted to > X509 internally while signing. > It looks like ODF 1.3 spec makes no changes to ODF 1.2 in terms of > digital signatures. > (3) We need to properly display whatever signatures are on the document. I agree. It is good news that ODF 1.2 supports signatures (although it would be ideal for AOO to move on to ODF 1.3) > What happens when you inspect the digital signatures of a file signed in LO > with PGP and EU card in AOO 4.1.11 RC? Document signed with OpenPGP using LO 6.4.7 in Ubuntu 18.04 x64 - opening with AOO 4.1.11 on the same Ubuntu 18.04 x64 the message is "Digital Signature: The document signature does not match the document content. We strongly recommend you to not trust this document." - opening with 4.1.11 on Windows 7 Pro x64 the message is the same but there is a popup window when the document is opened with a serious warning https://i.imgur.com/8CloLVl.png Document signed with OpenPGP using AOO 4.1.11 in Win7 Pro x64 - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital Signature: The document signature is OK, but the certificates could not be validated." Document signed with EU card - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital Signature: The document signature is OK, but the certificates could not be validated." - opening with AOO 4.1.11 on Windows 7 Pro x64 (where I have installed the Root certificate for my ID card), the message is "The document signature is OK". If another ID card is used to sign (and the Root certificate for that card is not imported) then the message is the same as under Ubuntu. I can share the documents with you by personal email if that helps. Regards, Pedro --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
