> On Sep 29, 2021, at 8:59 AM, Pedro Lino <[email protected]>
> wrote:
>
> Hi Dave
>
>> On 09/28/2021 11:35 PM Dave Fisher <[email protected]> wrote:
>
>> I think that AOO42X and Trunk need to improve in three ways.
>>
>> (1) We need to make sure that we hook to the systems native key store and/or
>> a Mozilla keystone.
>> Setup may need to be improved.
>> (2) We need to allow a PGP and EU card key to be selected and converted to
>> X509 internally while signing.
>> It looks like ODF 1.3 spec makes no changes to ODF 1.2 in terms of
>> digital signatures.
>> (3) We need to properly display whatever signatures are on the document.
>
> I agree. It is good news that ODF 1.2 supports signatures (although it would
> be ideal for AOO to move on to ODF 1.3)
To be clear ODF 1.3 has the same spec as 1.2 for digital signatures.
>
>> What happens when you inspect the digital signatures of a file signed in LO
>> with PGP and EU card in AOO 4.1.11 RC?
>
> Document signed with OpenPGP using LO 6.4.7 in Ubuntu 18.04 x64
> - opening with AOO 4.1.11 on the same Ubuntu 18.04 x64 the message is
> "Digital Signature: The document signature does not match the document
> content. We strongly recommend you to not trust this document."
> - opening with 4.1.11 on Windows 7 Pro x64 the message is the same but there
> is a popup window when the document is opened with a serious warning
> https://i.imgur.com/8CloLVl.png
>
> Document signed with OpenPGP using AOO 4.1.11 in Win7 Pro x64
> - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital
> Signature: The document signature is OK, but the certificates could not be
> validated."
>
> Document signed with EU card
> - opening with AOO 4.1.11 on Ubuntu 18.04 x64 the message is "Digital
> Signature: The document signature is OK, but the certificates could not be
> validated."
> - opening with AOO 4.1.11 on Windows 7 Pro x64 (where I have installed the
> Root certificate for my ID card), the message is "The document signature is
> OK". If another ID card is used to sign (and the Root certificate for that
> card is not imported) then the message is the same as under Ubuntu.
>
> I can share the documents with you by personal email if that helps.
Sure, I’d like to unzip them and inspect the signature xml.
Regards,
Dave
>
> Regards,
> Pedro
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
