Apache OpenOffice (AOO) Bugzilla – Issue 122697
Help on Managing Digital Signatures is Incorrect
Last modified: 2019-12-06 21:03:49 UTC
The embedded help for managing digital signatures is incorrect. [Note: The same problem exists in LibreOffice embedded help, and has been reported at https://bugs.freedesktop.org/show_bug.cgi?id=36970. This version is entirely my own contribution and is available as my contribution to anyone by virtue of my previously-provided declaration. I am continuing any of my effort on this defect here because it provides wider availability to the extend the same remedy is useful to LibreOffice and anyone else as well.] REPRODUCTION [Done 2013-07-04 using embedded Help with Apache OpenOffice on Windows en-x86.] 1. Open Apache OpenOffice Writer with a blank document (or just open to the start page) 2. Click Help and get LibreOffice embedded Help. 3. In the Index, Search term tab, type "digital signatures" 4. When the "digital signatures" term scrolls up, click the "getting/managing/applying" subtopic. 5. Read the Managing Certificates topic. That is wrong. Getting new root certificates is something you can do. It has nothing to do with having your own private key certificate and how it ends up in a protected key store on your machine. 6. The description about signed macros is also misleading. It suggests that there is no value to signing macros when the document is signed. DETAILS Concerning Root Certificates versus Private Keys Getting a new root certificate is something that an user can do. However, that has nothing to do with having a private key certificate and keeping that in a protected key store. That's what is needed to sign documents. It is also true that a recipient of a signed object needs a trusted certificate to verify the authenticity of the *public* key by which the signature is verifiable. That is a different part of the protocol and it is not addressed on this page at all. Independence of Macro Signatures from Document Signatures Unless this is simply implemented horribly wrong, the signatures on embedded macros should survive editing of the document so long as a signed macro is not edited. That's the point of having macros signed, so that they can be trusted by people when they are found in documents and when they are reused too. When a signed document is edited, there is no reason to invalidate the separately-created signatures on embedded macros that are not touched, whether or not still used. POSSIBLE REMEDIES Concerning Root Certificates versus Private Keys Short Term Fix: Simply remove that small section. Longer Term Fix: Replace that section and the one about applying signatures with something more generic and brief that links to appropriate documentation elsewhere, perhaps on the Wiki. Accounting for platform differences is probably important and there needs to be more about the use of X.509 PKI and what the end-to-end signing to verification situation is, with illustration of signing in Apache OpenOffice and also verification of signatures in Apache OpenOffice. Concerning Macro Signatures versus Document Signatures Short Term Fix: Restate how macro signatures provide independent verification of authenticity and integrity of macros in both signed and unsigned documents. Longer Term Fix: Address more about how to embed macros, how to sign embedded macros, and how to handle signed macros in the local user profile as well as extracting and embedding those, depending on what the implementation actually supports. Again, details should probably be on the wiki and might be version dependent as well.