https://bugs.documentfoundation.org/show_bug.cgi?id=146211

--- Comment #3 from Alex Thurgood <[email protected]> ---
I can confirm something similar, on macOS when exporting to PDF/A-3a.

I have an EIDAS hardware certificate (USB key) issued by CertEurope that uses
Trusted Key Manager for making the key available to the OS.

I have set up a security device per the supplier's recommendations in Firefox
so that the key is readable in a Firefox profile session after entry of a PIN
associated with the certificate on the physical USB key.

I can use this key to digitally & validly sign PDF files separately in Adobe
Reader.

I can also use the key within Firefox (via the security device configuration
tool under Security & Certificates)  to login to a court CMS for which the
certificate and key are required for the filing of signed and authenticated
transactions with the court CMS.


However, in LibreOffice, after the usual idiocy (bug 147291 or bug 153626) of
not being able to find a Certificate Manager, I can finally get LO to display
an entry dialog for the PIN, when I click directly on the "Sign" button (which
otherwise shows no available certificates).

I can then sign an ODT, but LibreOffice reports that it could not verify the
signature.

One has to ask how it can activate the digital signature and not be able to
validate it ?
What use is a X509 signature that isn't validated by the software application
that adds it to the document ?

CertEurope uses SHA-256 with RSA Encryption.

If I export the signed ODT to PDF(A/3b), opening the PDF in Adobe Reader
doesn't show the document as being signed, it seems that the signature is
silently removed, or not compliant with the PDF-A spec.

If I create an ODT without a signature, export to PDF using the signature tab
(which finds my X509 cert), the signature is considered valid in the PDF when
opened in Adobe Reader.

Am I missing something, or does signing X590 within the ODT not do anything
actually useful, and is it scrubbed when exporting the signed ODT to PDF/A2/3 ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to