Digital signatures from smartcards work OK, both for source document, or generated PDFś. HOWEVER: If the smartcard is placed in a class-2 or class-3 reader (PIN-pad reader with/without display) the PIN should be obtained from the reader and NOT from an input field, entered from the ASCII-keyboard.
Hard to confirm here, but your description is self-explaining and it looks obvious. So let me set to new..
Ciao - Cor
(In reply to Hans Witvliet from comment #0)
> reader (PIN-pad reader with/without display) the PIN should be obtained from
> the reader and NOT from an input field, entered from the ASCII-keyboard.
Ah well, a question though: do I get is right that it is impossible to use the type of readers (without a display)?
LibreOffice treats all readers as Class-1 readers.
So you can sign documents, but the pin has toi be entered on traditional keyboard.
With class-2 and class-3 readers, the user should get a different prompt.
Instead of an entry field, it should say: "Enter your PIN on the reader"
The main difference is, that with class-2 and class-3 the PIN never leaves the readers. while with class-1 readers, the PIN could be intercepted by keyloggers or rogue programs on the computer.
It is very much an enhancement for high security environments, like us from MoD.
Obviously this is impossible to handle for developpers who don't have smartcards and PINPAD-readers. But perhaps this could be organized differently :-)
Can someone confirm this works for OpenPGP keys (see bug 89037)? My expectation is that gpg should transparently support that.
Works for OpenPGP keys, tested here with a yubikey - both signing and encryption.