Bug 102277 - Saving a version deletes the Digital Signature
Status: RESOLVED WONTFIX
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version (earliest affected): unspecified
Hardware: All All
Importance: medium enhancement
Assignee: Not Assigned
Blocks: Digital-Signatures

Reported: 2016-09-19 11:50 UTC by Ferry Toth
Modified: 2018-02-09 12:57 UTC (History)


Description Ferry Toth 2016-09-19 11:50:14 UTC
When saving a new version of a Digitally Signed document, the signature is removed.

This is different from how a paper document is signed; a signature does not get unsigned.

This is a shame as 'versions' are made read only anyway and could easily have the old signature intact.

Keeping revisions inside one document makes sense, but for document control purposes (ISO9001) essential information (who approved the doc and when) is now lost.

Thus the originally signed first version should remain available.
Comment 1 Cor Nouws 2016-09-20 08:29:32 UTC
(In reply to Ferry Toth from comment #0)
> This is a shame as 'versions' are made read only anyway and could easily
> have the old signature intact.

I'm not sure if the file structure of a 'versioned' document supports the needs of digital signatures. But it's an interesting thing indeed.

(Can test later, I think)
Comment 2 Xisco Faulí 2017-11-15 09:56:44 UTC
(In reply to Cor Nouws from comment #1)
> (In reply to Ferry Toth from comment #0)
> > This is a shame as 'versions' are made read only anyway and could easily
> > have the old signature intact.
> 
> I'm not sure if the file structure of a 'versioned' document supports the
> needs of digital signatures. But it's an interesting thing indeed.
> 
> (Can test later, I think)

Hi Cor,
Did you have the chance to test it?
Comment 3 Cor Nouws 2018-01-17 15:09:43 UTC
A popup appears:
" Saving will remove all existing signatures. Do you want to ... "

Version: 6.1.0.0.alpha0+
Build ID: 7a6df88f2579c4fcfa81eb27f6db9e8e21c9a6f8
CPU threads: 4; OS: Linux 4.13; UI render: default; VCL: gtk2; 
TinderBox: Linux-rpm_deb-x86_64@70-TDF, Branch:master, Time: 2018-01-14_22:46:48
Locale: nl-NL (nl_NL.UTF-8); Calc: group threaded

@miklos, @samuel: what are your ideas
Comment 4 Miklos Vajna 2018-01-17 16:05:42 UTC
Signing happens at an ODF package level, while versions add new streams in the ODF package, so this works as expected.

You can't really swap this (sign first, versions later) as an unsigned stream invalidates the signature in ODF. I would suggest to close this as a not-a-bug.

In theory you could have this feature (if you ignore backwards compatibility), but then you would lose the ability to say that if a stream is not signed, the signature is not valid.
Comment 5 Thorsten Behrens (allotropia) 2018-01-17 19:07:07 UTC
(In reply to Miklos Vajna from comment #4)
> Signing happens at an ODF package level, while versions add new streams in
> the ODF package, so this works as expected.
> 

In addition, saving (even if nothing has changed in the document)
never reuses the xml streams, but creates them from internal state. So
it is not guaranteed that the same xml is written at two different
times, or even less so from two different LibreOffice versions. So
likely the signature will be inadvertently invalidated.
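
The package-level rule described in comments 4 and 5, as an added example that is not part of the thread or of LibreOffice's code: a checker that flags any stream the signature does not reference and any referenced stream whose bytes changed. The stream names and contents are constructed, digests are taken over raw bytes (real ODF signing canonicalises XML first), and the cryptographic signature value itself is not modelled.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET

NS = "http://www.w3.org/2000/09/xmldsig#"
SIG = "META-INF/documentsignatures.xml"  # signature stream in an ODF package

def digest(data):
    # Simplification: hash raw bytes; real ODF signing canonicalises XML first.
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def sign_manifest(streams):
    """Constructed stand-in for signing: one ds:Reference per stream, no SignatureValue."""
    refs = "".join(f'<ds:Reference URI="{n}"><ds:DigestValue>{digest(d)}'
                   f'</ds:DigestValue></ds:Reference>' for n, d in streams.items())
    return f'<ds:Signature xmlns:ds="{NS}"><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'.encode()

def package(streams, manifest):
    """Zip the streams together with an existing signature manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in streams.items():
            z.writestr(name, data)
        z.writestr(SIG, manifest)
    return buf.getvalue()

def check_coverage(pkg):
    """Return (streams with no ds:Reference, streams whose digest changed)."""
    with zipfile.ZipFile(io.BytesIO(pkg)) as z:
        root = ET.fromstring(z.read(SIG))
        refs = {r.get("URI"): r.findtext(f"{{{NS}}}DigestValue")
                for r in root.iter(f"{{{NS}}}Reference")}
        names = [n for n in z.namelist() if n != SIG]
        unsigned = sorted(n for n in names if n not in refs)
        changed = sorted(n for n in names if n in refs and digest(z.read(n)) != refs[n])
    return unsigned, changed

# Constructed sample streams (names and contents are illustrative).
ORIGINAL = {"content.xml": b'<doc><p style="P1">approved</p></doc>', "styles.xml": b"<styles/>"}
MANIFEST = sign_manifest(ORIGINAL)
SIGNED = package(ORIGINAL, MANIFEST)
# Saving a version adds a stream the signature never covered.
VERSIONED = package({**ORIGINAL, "Versions/Version1": b"snapshot"}, MANIFEST)
# A re-save regenerates the XML; here only an automatic style name differs.
RESAVED = package({**ORIGINAL, "content.xml": b'<doc><p style="P2">approved</p></doc>'}, MANIFEST)

if __name__ == "__main__":
    for label, pkg in [("signed", SIGNED), ("versioned", VERSIONED), ("resaved", RESAVED)]:
        print(label, check_coverage(pkg))
```

Either a non-empty first list or a non-empty second list is enough for a verifier following this rule to treat the signature as invalid.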
Comment 6 Cor Nouws 2018-02-08 13:37:21 UTC
per advice: NotABug
Comment 7 Ferry Toth 2018-02-09 08:43:19 UTC
I get that it is not a bug, it is a request for enhancement.

To me it sounds logical that currently the file (package) is signed, while it sounds more logical that the document (stream) needs to be signed. Opening a previous version (other stream) should then just show the signature of the previous version.

The current behaviour restricts the usefulness of versions and forces users to keep different files for each signed version.
Comment 8 Cor Nouws 2018-02-09 12:57:06 UTC
(In reply to Ferry Toth from comment #7)

> The current behaviour restricts the usefulness of versions and forces users
> to keep different files for each signed version.

Reading comments, I conclude that it is doubtful if it can work at all.