Apache OpenOffice (AOO) Bugzilla – Issue 44682
Removing signature and resigning with another causes havoc
Last modified: 2005-04-05 15:09:06 UTC
Steps: Signed a document with a certificate stored on my smartcard Saved without problems Removed smartcard Reopened document Met warning that the signature in the document might be invalid Open "Digital signatures" dialog and removed signatur from document Inserted smartcard Added signature again Now I can't save the document with or withour signature without getting the warning "Saving will remove all existing signatures.\nDo you want to continue saving the document?"
Correction: I can save the document without signature without getting the warning. However, if I add a signature again the warning "Saving will remove all existing signatures.\nDo you want to continue saving the document?" shows even though I have already removed all signatures and saved the document.
of @ fst: Please have a look.
Hi, could not reproduce this Issue. Saving a signed document will always remove added signatures, as no one knows about the content of the file itself. So signing documents is a two step operation. First save the document second sign it. This step is to build a control sum on the document content based on the hash values from the cert. The broken sig seems to be a problem with embedded OLE objects. See Issue 36682. Solves this information your problem ? Frank
Hi, > Saving a signed document will always remove added signatures, as no one knows > about the content of the file itself. So signing documents is a two step > operation. First save the document second sign it. This step is to build a > control sum on the document content based on the hash values from the cert. OK. I thought since I signed the document I could keep editing in the same Writer session without manually re-adding the signature. Is this a valid feature request or in conflict with standards? Regarding the warning I can write "test" to a blank text document, sign it, close Writer, reopen and get the warning that this certificate should not be trusted. Does OOo include a list of trusted root certificates? Søren
Hi, we've decided to work in a different way compared to MS. If you save an empty document, sign it and type some text into it, showing this one to your boss and saying you've signed it and the doc is ready to be send, how should your boss know that this doc is really on your harddisk and not the empty one just saved at beginning of the process ? So every action changing the content of the file will remove any existing signature. Also every save will do so. Have a look at the Spec. about digital signatures here : http://specs.openoffice.org/appwide/security/Electronic_Signatures_and_Security.sxw Regarding the root certificates, we are using the MS Crypto Engine on Windows and Mozillas on Solaris and Linux. So if a root cert is known by these engines we know it also. Frank
OK I agree. I can't reproduce the warning that the certificate should not be trusted. Therefore, resolving as WFM.
and closing by request