On Thu, Jul 30, 2009 at 1:22 PM, Mathias Bauer<[email protected]> wrote: > Hi Alexandro, > > Alexandro Colorado wrote: > >> hi I got a digital signature that shows as a not able to provide validity >> on the signature. I wonder how can I make the signature valid,. I did some >> research on the wiki but couldnt find much information about validating >> the digtal signature. This is already used by thswate OpenID and CACert >> but all show as non/validated. >> > > We are not the experts for digital signatures, so please take everything > I write with a large grain of salt. > > Digital signing in OOo has two parts: first, the signature verifies that > the document has not been modified since it was signed. This works > without any verification of the signature itself. > > But without further support you can not verify that the person that > claims to be the one who has signed the document in fact really is that > person. To verify this, you need a "chain of trust". The validity of a > signature is guaranteed by another person represented by its signature, > that also is made valid by another one etc. This is repeated until you > reach a certificate that is respected as a valid reference, let's call > it the "root certificate". To walk along this chain you either must have > all certificates in the chain installed on your system, up to the root > certificate or the application must download each certificate (what of > course requires that a download location is specified in each signature). > > On Windows the systems certificate storage is used by OOo, on other > platforms we rely on Mozilla code. The latter has the disadvantage that > we are not able to download intermediate certificates (between the one > of the signer and the "root certificate") even if their location is > known, so the chain of trust is broken. This should work on Windows though.
I see, so there is noway to have a trusted signature in Linux. So my question is what will be the process on windows to have this intermediate certificates, is this just done automatically or do I need to have aditional site certificates added to my database. Currently I got a CACert assured certificate (with my name and info in it) which should qualify as a valid certificate. I also surpass the minimum of points to be on the Web of Trust from CACert. So for me to have the valid certificate status, i should sign it on windows? I do remember seen that the CACert guys were using linux and their certificate was valid as they signed a document in OOo. So I wonder if this was because of the distro or if they did something special. > Regards, > Mathias > > -- > Mathias Bauer (mba) - Project Lead OpenOffice.org Writer > OpenOffice.org Engineering at Sun: http://blogs.sun.com/GullFOSS > Please don't reply to "[email protected]". > I use it for the OOo lists and only rarely read other mails sent to it. -- Alexandro Colorado OpenOffice.org Español IM: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
