https://bugs.documentfoundation.org/show_bug.cgi?id=146211
--- Comment #3 from Alex Thurgood <[email protected]> --- I can confirm something similar, on macOS when exporting to PDF/A-3a. I have an EIDAS hardware certificate (USB key) issued by CertEurope that uses Trusted Key Manager for making the key available to the OS. I have set up a security device per the supplier's recommendations in Firefox so that the key is readable in a Firefox profile session after entry of a PIN associated with the certificate on the physical USB key. I can use this key to digitally & validly sign PDF files separately in Adobe Reader. I can also use the key within Firefox (via the security device configuration tool under Security & Certificates) to login to a court CMS for which the certificate and key are required for the filing of signed and authenticated transactions with the court CMS. However, in LibreOffice, after the usual idiocy (bug 147291 or bug 153626) of not being able to find a Certificate Manager, I can finally get LO to display an entry dialog for the PIN, when I click directly on the "Sign" button (which otherwise shows no available certificates). I can then sign an ODT, but LibreOffice reports that it could not verify the signature. One has to ask how it can activate the digital signature and not be able to validate it ? What use is a X509 signature that isn't validated by the software application that adds it to the document ? CertEurope uses SHA-256 with RSA Encryption. If I export the signed ODT to PDF(A/3b), opening the PDF in Adobe Reader doesn't show the document as being signed, it seems that the signature is silently removed, or not compliant with the PDF-A spec. If I create an ODT without a signature, export to PDF using the signature tab (which finds my X509 cert), the signature is considered valid in the PDF when opened in Adobe Reader. Am I missing something, or does signing X590 within the ODT not do anything actually useful, and is it scrubbed when exporting the signed ODT to PDF/A2/3 ? -- You are receiving this mail because: You are the assignee for the bug.
