[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreoffice-users] Question about signed documents


QWhat's interesting about this is you can use a a smartcard to sign your
documents. Libreoffice supports standard PIV smart cards (at least under
Linux). If you have everything configured right, you can use an x509 that
is resident on the smart card to sign the document. This can provide much
higher security, especially if the smart card is configured with a PIN.

Also keep in mind that the document is not "read only" with the signature.
It is completely possible to open a signed document, not realize it's
signed, accidentally insert a period somewhere, and resave it. As soon as
you modify a signed document the signature is dropped.

On Thu, Jan 31, 2019, 12:08 PM James Knott <james.knott@jknott.net wrote:

> On 01/31/2019 11:54 AM, Tom Williams wrote:
> > Now, this is interesting. So, the digital signing you describe would
> > generate a digital version of my signature? I have experience with
> > digitally signing a document, using a third party service, like
> > DocuSign. In those cases, a "signature" font is used to represent my
> > actual signature. I initially though the digital signing LibreOffice
> > supported added a digital signature to the document, itself, providing
> > some verification that I am who I claim to be. Does it also add the
> > signature, in the manner you describe?
>
> No, it doesn't generate a digital version of your signature. It uses a
> process, related to encryption, to generate a signature of the entire
> document, that verifies it could have only come from you. This is
> commonly done with X.509 digital certificates, which are traceable back
> to some top level certificate authority. As an example of a bank
> perhaps, they'd issue you your own public/private keys, which could be
> traced back to the bank and to the top level authority beyond. Since
> that signature couldn't possibly have come from anyone else, it is your
> signature.
>
> You may want to read up on how public/private key encryption works and
> X.509 certificates.
>
> https://en.wikipedia.org/wiki/X.509
>
> --
> To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
> Problems?
> https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
> List archive: https://listarchives.libreoffice.org/global/users/
> Privacy Policy: https://www.documentfoundation.org/privacy
>

On Thu, Jan 31, 2019, 12:08 PM James Knott <james.knott@jknott.net wrote:

> On 01/31/2019 11:54 AM, Tom Williams wrote:
> > Now, this is interesting. So, the digital signing you describe would
> > generate a digital version of my signature? I have experience with
> > digitally signing a document, using a third party service, like
> > DocuSign. In those cases, a "signature" font is used to represent my
> > actual signature. I initially though the digital signing LibreOffice
> > supported added a digital signature to the document, itself, providing
> > some verification that I am who I claim to be. Does it also add the
> > signature, in the manner you describe?
>
> No, it doesn't generate a digital version of your signature. It uses a
> process, related to encryption, to generate a signature of the entire
> document, that verifies it could have only come from you. This is
> commonly done with X.509 digital certificates, which are traceable back
> to some top level certificate authority. As an example of a bank
> perhaps, they'd issue you your own public/private keys, which could be
> traced back to the bank and to the top level authority beyond. Since
> that signature couldn't possibly have come from anyone else, it is your
> signature.
>
> You may want to read up on how public/private key encryption works and
> X.509 certificates.
>
> https://en.wikipedia.org/wiki/X.509
>
> --
> To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
> Problems?
> https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
> List archive: https://listarchives.libreoffice.org/global/users/
> Privacy Policy: https://www.documentfoundation.org/privacy
>

--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

References:
[libreoffice-users] Question about signed documentsTom Williams <tomdkat@comcast.net>
Re: [libreoffice-users] Question about signed documentsJames Knott <james.knott@jknott.net>
Re: [libreoffice-users] Question about signed documentsTom Williams <tomdkat@comcast.net>
Re: [libreoffice-users] Question about signed documentsJames Knott <james.knott@jknott.net>
Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.