XAdES signature created via LibreOffice does not confirm to specifications.
A reference to SignedProperties (Reference with URI="#idSignedProperties") is missing a Type attribute (shall be Type="http://uri.etsi.org/01903#SignedProperties").
Check specification ETSI EN 319 132-1 V1.1.1 (2016-04), section 4.4.2, which mentions exactly that. Link to specs: http://www.etsi.org/deliver/etsi_en/319100_319199/31913201/01.01.01_60/en_31913201v010101p.pdf
Validation of such documents (signatures) might be difficult, because its not immediately clear which reference is which.
thanks for filing hlavnicka.
@miklos: can you please have a look?
** Please read this message in its entirety before responding **
To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.
There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.
If you have time, please do the following:
Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/
If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.
If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.
Please DO NOT
Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not
appropriate in this case)
If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/
2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword
Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa
Thank you for helping us make LibreOffice even better for everyone!
Bug is still present, application incorrectly gives user a choice to select "AdES-compliant" signature that in fact is not compliant (conflict with specification ETSI EN 319 132-1 V1.1.1 (2016-04), section 4.4.2)
Tested again in version:
Version: 220.127.116.11 (x64)
Build ID: f7f06a8f319e4b62f9bc5095aa112a65d2f3ac89
CPU threads: 4; OS: Windows 6.1; UI render: default;
Locale: cs-CZ (cs_CZ); Calc: CL
I have noticed that the XAdES signature that has been created with the help of LibreOffice is not compliant that’s why I have abandoned using it but now I read reviews on https://essayreviewexpert.com/review/edubirdie/ about writing source I will make them to write me an essay. I think it is missing some significant attributes.
Created attachment 163087 [details]
Signed OpenDocument with eSignature DSS library
The attached document is signed with a XAdES signature, but not detected by LibreOffice because it does not support the XML namespaces. Tested with latest Libreoffice 18.104.22.168 and 22.214.171.124
Created attachment 163088 [details]
Signed OpenDocument with eSignature DSS library (fixed)
Apologies for the previous attachment, it was the wrong file.
*** Bug 124768 has been marked as a duplicate of this bug. ***
(In reply to Francisco de la Peña from comment #7)
> Created attachment 163088 [details]
> Signed OpenDocument with eSignature DSS library (fixed)
> Apologies for the previous attachment, it was the wrong file.
LibreOffice started to detect the presence of this signature in 7.1 after:
author Michael Stahl <email@example.com> Fri Feb 12 16:42:51 2021 +0100
committer Caolán McNamara <firstname.lastname@example.org> Thu Mar 04 12:50:18 2021 +0100
xmlsecurity: replace XSecParser implementation
So this part is already solved.
Created attachment 176003 [details]
Example file signed with 6.2
Looks like the missing Type="http://uri.etsi.org/01903#SignedProperties attribute is added at least since 6.2 - but it was not added in 6.1
(In reply to Gabor Kelemen (allotropia) from comment #10)
> Created attachment 176003 [details]
> Example file signed with 6.2
> Looks like the missing Type="http://uri.etsi.org/01903#SignedProperties
> attribute is added at least since 6.2 - but it was not added in 6.1
author Miklos Vajna <email@example.com> Mon Aug 27 09:15:16 2018 +0200
committer Miklos Vajna <firstname.lastname@example.org> Mon Aug 27 19:15:55 2018 +0200
tdf#119309 xmlsecurity xades: missing XML attribute on idSignedProperties ref
*** This bug has been marked as a duplicate of bug 119309 ***