Bug 159040

Summary: provide easy UI to automatically apply digital signature when storing documents
Product: LibreOffice Reporter: Michael Stahl (allotropia) <michael.stahl>
Component: frameworkAssignee: Not Assigned <libreoffice-bugs>
Status: NEW ---    
Severity: enhancement CC: heiko.tietze, samuel.mehrbrodt, thb
Priority: medium    
Version: Inherited From OOo   
Hardware: All   
OS: All   
Whiteboard:
Crash report or crash signature: Regression By:
Bug Depends on:    
Bug Blocks: 105605, 158839    

Description Michael Stahl (allotropia) 2024-01-05 16:49:51 UTC 
currently to apply a digital signature to an ODF/OOXML document, the user has to use the File->Digital Signatures->Digital Signatures... dialog.

this requires that the file is saved first, and after it is signed, the user gets prompted to remember the certificate, and if it is saved again, it will be signed with the same certificate.

but if the user closes the document, the next time it's opened and edited, the user has to go to the same menu item to sign it again.

there are also settings in Tools->Options->User Data to set a default OpenPGP signing key and encryption key, but this only causes this singing key to be pre-selected in the Select Certificate dialog.

it should be possible to make this more user-friendly, to sign with a certificate automatically in some situations.

there is also a privacy aspect to be taken into consideration though: of course the certificate usually contains the user's name and perhaps other personal data, organizational affiliation etc., so probably it's not a good idea to sign *every* document that the user stores.

in general LO supports 2 different kinds of certificate, so an obvious improvement is to add an option for a default X509 certificate in Tools->Options, or extend the current setting to allow selecting X509 in addition to OpenPGP.

then perhaps a checkbox could be added to the file chooser dialog; when storing a file, it already has "Encrypt with GPG key" so it could have a "Sign with default certificate" checkbox too (note this needs adding to ~6 file chooser services).

other ideas would be to automatically sign a document if it's stored encrypted with a password or with a GPG key - perhaps with a Tools->Options checkbox. (but not sure if this is desirable, and it sort of contradicts the previous idea - if there is a checkbox in the file chooser and in Tools->Options how should it work...)

we might have time to implement something here but i'd first like to know how it should work :)
Comment 1 Heiko Tietze 2024-01-22 12:20:48 UTC 
(In reply to Michael Stahl (allotropia) from comment #0)
> it should be possible to make this more user-friendly, to sign with a
> certificate automatically in some situations.
I could imagine another checkbox on the save dialog. Although it's an ugly solution right now, perhaps we could replace all the additional non-standard checkboxes with a button "Options" and provide them in an extra dialog. Or use some expanding parent control.

> add an option for a default X509 certificate in Tools->Options
> or extend the current setting to allow selecting X509 in addition to OpenPGP.
Tools > Options > Security > Certificate allows to pick a default certificate, doesn't it?  

> a checkbox could be added to the file chooser dialog; when
> storing a file, it already has "Encrypt with GPG key" so it could have a
> "Sign with default certificate" checkbox too (note this needs adding to ~6
> file chooser services).
Yes, and the checkbox would be disabled if no default is defined. But I don't get "~6 file chooser services".


In the end I wonder if we should change the workflow much. To me the procedure is some kind of 3rd party tool that modifies the document after processing by LibreOffice. We just make the access a bit more user friendly. Essentially the proposal is to move the command from File > Digital Signature into the Save dialog. Needs to be done for PDF too, of course.
Comment 2 Michael Stahl (allotropia) 2024-01-23 10:27:51 UTC 
(In reply to Heiko Tietze from comment #1)
> (In reply to Michael Stahl (allotropia) from comment #0)
> > add an option for a default X509 certificate in Tools->Options
> > or extend the current setting to allow selecting X509 in addition to OpenPGP.

> Tools > Options > Security > Certificate allows to pick a default
> certificate, doesn't it?  

i can only choose a NSS profile directory there, no certificate, and the button doesn't exist on WNT (which doesn't use NSS).
Comment 3 Heiko Tietze 2024-02-01 07:27:17 UTC 
We discussed the topic in the design meeting.

The most easy solution might be to have a default signature defined in tools > options > security and just the option to apply in the save dialog; if another than the default signature is needed one would have to use file > digital signature as of today.

To avoid too cluttering the save dialog with options we could move all into a dialog. Or "hide" all checkboxes behind an expander.