> On Sep 29, 2021, at 9:10 AM, Dave Fisher <w...@apache.org> wrote:
>
>
>
>> On Sep 29, 2021, at 8:59 AM, Pedro Lino <pedro.l...@mailbox.org.INVALID>
>> wrote:
>>
>> Hi Dave
>>
>>> On 09/28/2021 11:35 PM Dave Fisher <w...@apache.org> wrote:
>>
>>> I think that AOO42X and Trunk need to improve in three ways.
>>>
>>> (1) We need to make sure that we hook to the systems native key store
>>> and/or a Mozilla keystone.
>>> Setup may need to be improved.
>>> (2) We need to allow a PGP and EU card key to be selected and converted to
>>> X509 internally while signing.
>>> It looks like ODF 1.3 spec makes no changes to ODF 1.2 in terms of
>>> digital signatures.
>>> (3) We need to properly display whatever signatures are on the document.
>>
>> I agree. It is good news that ODF 1.2 supports signatures (although it would
>> be ideal for AOO to move on to ODF 1.3)
>
> To be clear ODF 1.3 has the same spec as 1.2 for digital signatures.
>
>>
>>> What happens when you inspect the digital signatures of a file signed in LO
>>> with PGP and EU card in AOO 4.1.11 RC?
>>
>> Document signed with OpenPGP using LO 6.4.7 in Ubuntu 18.04 x64
>> - opening with AOO 4.1.11 on the same Ubuntu 18.04 x64 the message is
>> "Digital Signature: The document signature does not match the document
>> content. We strongly recommend you to not trust this document."
>> - opening with 4.1.11 on Windows 7 Pro x64 the message is the same but there
>> is a popup window when the document is opened with a serious warning
>> https://i.imgur.com/8CloLVl.png
Thanks for sharing the files.
This document was not signed using the ODF 1.2 or 1.3 specification. Instead LO
implements its own extension.
PGPData
xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0”
This replaces X509Data when PGP signing is done in LO. I wonder if we can
implement this without looking at their code.
Regards,
Dave
>>
>> Document signed with OpenPGP using AOO 4.1.11 in Win7 Pro x64
>> - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital
>> Signature: The document signature is OK, but the certificates could not be
>> validated."
>>
>> Document signed with EU card
>> - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital
>> Signature: The document signature is OK, but the certificates could not be
>> validated."
>> - opening with AOO 4.1.11 on Windows 7 Pro x64 (where I have installed the
>> Root certificate for my ID card), the message is "The document signature is
>> OK". If another ID card is used to sign (and the Root certificate for that
>> card is not imported) then the message is the same as under Ubuntu.
>>
>> I can share the documents with you by personal email if that helps.
>
> Sure, I’d like to unzip them and inspect the signature xml.
>
> Regards,
> Dave
>
>>
>> Regards,
>> Pedro
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>> For additional commands, e-mail: dev-h...@openoffice.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org