Hi Alexandro, Alexandro Colorado wrote:
> hi I got a digital signature that shows as a not able to provide validity > on the signature. I wonder how can I make the signature valid,. I did some > research on the wiki but couldnt find much information about validating > the digtal signature. This is already used by thswate OpenID and CACert > but all show as non/validated. > We are not the experts for digital signatures, so please take everything I write with a large grain of salt. Digital signing in OOo has two parts: first, the signature verifies that the document has not been modified since it was signed. This works without any verification of the signature itself. But without further support you can not verify that the person that claims to be the one who has signed the document in fact really is that person. To verify this, you need a "chain of trust". The validity of a signature is guaranteed by another person represented by its signature, that also is made valid by another one etc. This is repeated until you reach a certificate that is respected as a valid reference, let's call it the "root certificate". To walk along this chain you either must have all certificates in the chain installed on your system, up to the root certificate or the application must download each certificate (what of course requires that a download location is specified in each signature). On Windows the systems certificate storage is used by OOo, on other platforms we rely on Mozilla code. The latter has the disadvantage that we are not able to download intermediate certificates (between the one of the signer and the "root certificate") even if their location is known, so the chain of trust is broken. This should work on Windows though. Regards, Mathias -- Mathias Bauer (mba) - Project Lead OpenOffice.org Writer OpenOffice.org Engineering at Sun: http://blogs.sun.com/GullFOSS Please don't reply to "[email protected]". I use it for the OOo lists and only rarely read other mails sent to it. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
