Bug 106454 - Digital signatures from PINPAD readers
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework
Version: 5.3.0.3 release (earliest affected)
Hardware: All All
: medium enhancement
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Digital-Signatures
Reported: 2017-03-09 11:23 UTC by Hans Witvliet
Modified: 2017-12-19 08:07 UTC (History)

See Also:
Crash report or crash signature:
Description Hans Witvliet 2017-03-09 11:23:39 UTC
Digital signatures from smartcards work OK, both for source document and generated PDFs. HOWEVER: If the smartcard is placed in a class-2 or class-3 reader (PIN-pad reader with/without display) the PIN should be obtained from the reader and NOT from an input field, entered from the ASCII-keyboard.
Comment 1 Cor Nouws 2017-03-09 14:22:02 UTC
Hi Hans,

Hard to confirm here, but your description is self-explaining and it looks obvious. So let me set to new..

Ciao - Cor
Comment 2 Cor Nouws 2017-03-09 14:25:40 UTC
(In reply to Hans Witvliet from comment #0)

> reader (PIN-pad reader with/without display) the PIN should be obtained from
> the reader and NOT from an input field, entered from the ASCII-keyboard.

Ah well, a question though: do I get it right that it is impossible to use the type of readers (without a display)?
Comment 3 Hans Witvliet 2017-03-09 15:02:59 UTC
LibreOffice treats all readers as Class-1 readers.
So you can sign documents, but the PIN has to be entered on a traditional keyboard.

With class-2 and class-3 readers, the user should get a different prompt.
Instead of an entry field, it should say: "Enter your PIN on the reader" 

The main difference is that with class-2 and class-3 the PIN never leaves the reader, while with class-1 readers the PIN could be intercepted by keyloggers or rogue programs on the computer.

It is very much an enhancement for high security environments, like us from MoD.

Obviously this is impossible to handle for developers who don't have smartcards and PINPAD-readers. But perhaps this could be organized differently :-)
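
An added example, not part of the comment above and not LibreOffice code: one way a host application can tell a PIN-pad reader from a class-1 reader and pick the prompt requested in comment 3. It assumes the reader is reached over PC/SC and answers the Part 10 feature request with a TLV list; the thread does not say which interface LibreOffice uses. The sample byte strings and the keyboard prompt wording are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Feature tags from PC/SC Part 10 (as in pcsc-lite's reader.h). */
#define FEATURE_VERIFY_PIN_START  0x01
#define FEATURE_VERIFY_PIN_DIRECT 0x06

enum pin_entry { PIN_MALFORMED = -1, PIN_FROM_KEYBOARD = 0, PIN_ON_READER = 1 };

/* Constructed sample responses, not captured from real hardware. */
static const uint8_t SAMPLE_PINPAD[] = { 0x06, 0x04, 0x42, 0x33, 0x00, 0x06,
                                         0x12, 0x04, 0x42, 0x33, 0x00, 0x12 };
static const uint8_t SAMPLE_PLAIN[]  = { 0x12, 0x04, 0x42, 0x33, 0x00, 0x12 };
static const uint8_t SAMPLE_CUT[]    = { 0x06, 0x04, 0x42, 0x33 };

/* Walk the TLV list returned for a feature request. Each entry is a tag
 * (1 byte), a length (1 byte, always 4) and a big-endian control code.
 * On PIN_ON_READER, *verify_code holds the code for on-reader verification;
 * VERIFY_PIN_DIRECT is preferred over VERIFY_PIN_START when both appear. */
enum pin_entry classify_reader(const uint8_t *buf, size_t len, uint32_t *verify_code)
{
    enum pin_entry result = PIN_FROM_KEYBOARD;
    for (size_t i = 0; i < len; i += 6) {
        if (len - i < 6 || buf[i + 1] != 4)
            return PIN_MALFORMED;   /* truncated or odd-sized entry */
        uint32_t code = ((uint32_t)buf[i + 2] << 24) | ((uint32_t)buf[i + 3] << 16) |
                        ((uint32_t)buf[i + 4] << 8) | (uint32_t)buf[i + 5];
        if (buf[i] == FEATURE_VERIFY_PIN_DIRECT ||
            (buf[i] == FEATURE_VERIFY_PIN_START && result == PIN_FROM_KEYBOARD)) {
            result = PIN_ON_READER;
            *verify_code = code;
        }
    }
    return result;
}

/* Choose the dialog text; a PIN entry field is shown only for the keyboard case. */
const char *pin_prompt(enum pin_entry e)
{
    if (e == PIN_ON_READER)     return "Enter your PIN on the reader";
    if (e == PIN_FROM_KEYBOARD) return "Enter PIN:";  /* hypothetical wording */
    return "Cannot determine reader capabilities";
}

int main(void)
{
    uint32_t code = 0;
    puts(pin_prompt(classify_reader(SAMPLE_PINPAD, sizeof SAMPLE_PINPAD, &code)));
    puts(pin_prompt(classify_reader(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN, &code)));
    return 0;
}
```

A malformed response is reported as its own case rather than silently treated as a class-1 reader, so the caller can decide whether falling back to keyboard entry is acceptable.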
Comment 4 Thorsten Behrens (CIB) 2017-08-30 02:50:21 UTC
Can someone confirm this works for OpenPGP keys (see bug 89037)? My expectation is that gpg should transparently support that.
Comment 5 Thorsten Behrens (CIB) 2017-12-19 08:07:42 UTC
Works for OpenPGP keys, tested here with a YubiKey - both signing and encryption.