https://issues.apache.org/ooo/show_bug.cgi?id=121505
Bug ID: 121505
Issue Type: DEFECT
Summary: Adding a signature to a document already signed by MS
Word invalidates the MS Word signature
Classification: Code
Product: framework
Version: AOO 3.4.1
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: ui
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Created attachment 80045
--> https://issues.apache.org/ooo/attachment.cgi?id=80045&action=edit
File signed by MS Word (result of step 7 in the repro steps)
Using OOo to add a signature to a document that has already been signed by
someone in MS Word invalidates the (still-valid) original signature.
Steps (note that a file is attached which allows you to skip steps 1-7):
1) Boot MS Word
2) Hit Escape (Create default document)
3) File -> Info -> Protect Document -> Add a Digital signature
4) Save file as ODF format (.odt)
5) Choose an RSA certificate that uses a SHA1 hash (DSA is fine too)
6) Click Sign
7) Exit MS Word
8) Open document in OOo
9) Under File menu, click Digital Signatures
10) Notice they're considered valid
11) Now click "Sign Document" button and add a digital signature using a SHA1
cert
12) Observe invalid original signature
It seems that this might be happening because OOo is rewriting the XML for the
MS Word signature, but omitting the Type attribute on the Reference element.
This is also filed on LibreOffice
(https://bugs.freedesktop.org/show_bug.cgi?id=58476)
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
