Bug 106854 - Unable to digitally sign exported PDF with particular certificate - enable CNG by default
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Printing and PDF export
Version: 5.3.1.2 release (earliest affected)
Hardware: All Windows (All)
Importance: medium normal
Assignee: Miklos Vajna
Whiteboard: target:6.2.0
Reported: 2017-03-29 14:41 UTC by Gabor Kelemen (allotropia)
Modified: 2018-07-04 07:13 UTC

Attachments
Error screen on export to PDF. (202.36 KB, image/png)
2017-03-29 14:41 UTC, Gabor Kelemen (allotropia)
Test odt file signed with the same certificate that fails to sign the exported PDF (21.75 KB, application/vnd.oasis.opendocument.text)
2017-03-29 14:41 UTC, Gabor Kelemen (allotropia)
The same odt exported to PDF and signed with the same certificate (75.27 KB, application/pdf)
2017-03-29 14:43 UTC, Gabor Kelemen (allotropia)
LO 5.4 after opening a simple pdf for signing (107.02 KB, image/png)
2017-05-26 06:52 UTC, Gabor Kelemen (allotropia)
selecting a CAcert certificate (24.96 KB, image/png)
2018-02-11 09:52 UTC, plebihan
tab digital signature (22.87 KB, image/png)
2018-02-11 09:54 UTC, plebihan
export failure (16.21 KB, image/png)
2018-02-11 09:55 UTC, plebihan
error message (20.59 KB, image/png)
2018-02-11 09:56 UTC, plebihan
Trying to sign with 6.2master and GOVCA example certificate (314.56 KB, image/png)
2018-06-27 15:53 UTC, Gabor Kelemen (allotropia)
Example signed pdf from 6.2master made on Win7 (65.54 KB, application/pdf)
2018-06-28 08:52 UTC, Gabor Kelemen (allotropia)

Description Gabor Kelemen (allotropia) 2017-03-29 14:41:05 UTC
Created attachment 132254 [details]
Error screen on export to PDF.

I'm unable to digitally sign a PDF file on export in LO 5.3.1 Win7, while I can do it in LO 5.2.3 on Windows 8.1 and in 5.3.1 on Ubuntu 14.04.

- I try to use File - Export to PDF on a very simple odt file containing only text (which I can sign), 
- select Digital signatures tab, 
- press the Select button to select my certificate
- press the Export button and get the attached screenshot plus a "Generic I/O error" window.
Comment 1 Gabor Kelemen (allotropia) 2017-03-29 14:41:50 UTC
Created attachment 132255 [details]
Test odt file signed with the same certificate that fails to sign the exported PDF
Comment 2 Gabor Kelemen (allotropia) 2017-03-29 14:43:56 UTC
Created attachment 132256 [details]
The same odt exported to PDF and signed with the same certificate

This was made with LO 5.2.3 - I'm unable to reproduce this result with 5.3.1.
Comment 3 Gabor Kelemen (allotropia) 2017-05-26 06:52:32 UTC
Created attachment 133595 [details]
LO 5.4 after opening a simple pdf for signing

I tested it with LO 5.4 beta1 on Windows 7 and now the usual yellow infobar does not appear in Draw, only the PDF opens.
Comment 4 Miklos Vajna 2017-05-26 15:15:57 UTC
I'm afraid you need to be more specific. Here is what I tried:

1) created a test key by running xmlsecurity/qa/create-certs/create-certs.sh and importing the Alice user on Windows 7
2) created a new writer document, exported it to PDF, and on the digital signatures tab I selected the Alice key
3) The export finished without any errors
4) Opening the file in Draw I get the infobar about the signature being valid.

So at least this scenario works fine.
Comment 5 Miklos Vajna 2017-05-26 15:18:20 UTC
Oh, and I tested with 70fe321f3cadfb4c71bd2948d3b0651ab50ff009 (master as of yesterday morning).
Comment 6 Timur 2017-05-26 17:19:37 UTC
(In reply to Gabor Kelemen from comment #0)

> I'm unable to digitally sign a PDF file on export in LO 5.3.1 Win7, while I
> can do it .... in 5.3.1 on Ubuntu 14.04.
Please try with another Win comp. I can sign with Win 7 both 5.3. and master.
Comment 7 Cor Nouws 2017-08-11 13:46:59 UTC
Does work for me in 5.0.4.3 on Windows 10-64 (6.19)
Comment 8 Xisco Faulí 2017-11-22 16:30:28 UTC Comment hidden (obsolete)
Comment 9 Xisco Faulí 2018-01-22 14:59:30 UTC
(In reply to Xisco Faulí from comment #8)
> Hi Gabor,
> Do you still reproduce this issue?

I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the master build.
Comment 10 plebihan 2018-02-11 09:52:06 UTC Comment hidden (obsolete)
Comment 11 plebihan 2018-02-11 09:53:07 UTC Comment hidden (obsolete)
Comment 12 plebihan 2018-02-11 09:54:20 UTC Comment hidden (obsolete)
Comment 13 plebihan 2018-02-11 09:55:12 UTC Comment hidden (obsolete)
Comment 14 plebihan 2018-02-11 09:56:09 UTC Comment hidden (obsolete)
Comment 15 plebihan 2018-02-11 10:11:49 UTC
The comment on CAcert certificate is a duplicate of bug 113560.
Comment 16 Gabor Kelemen (allotropia) 2018-06-27 15:53:49 UTC
Created attachment 143169 [details]
Trying to sign with 6.2master and GOVCA example certificate

Still happens, but my hunch is that this particular cert I was given contains something funny.

While testing bug #109180 I was able to digitally sign a PDF with the HW key of my eID card, from the very same provider.
Comment 17 Timur 2018-06-28 06:48:15 UTC Comment hidden (obsolete)
Comment 18 Miklos Vajna 2018-06-28 07:42:40 UTC
Please set the platform; Linux/macOS and Windows crypto is set differently. It would also be interesting to know if the Windows case improves if you start soffice as

SVL_CRYPTO_CNG=1 instdir/program/soffice.exe

which opts in for CNG usage. I plan to make that the default in the next few weeks. PDF signing with ECDSA key works for me in that mode.
Comment 19 Gabor Kelemen (allotropia) 2018-06-28 08:52:52 UTC
Created attachment 143181 [details]
Example signed pdf from 6.2master made on Win7

Good news, doing 'set SVL_CRYPTO_CNG=1' in cmd and starting swriter resulted in a successful signing of the attached file during export.

Running swriter from Explorer resulted in the same error message, so the solution seems to be using the CNG backend.
Comment 20 Miklos Vajna 2018-06-28 08:54:41 UTC
OK, let's misuse this bug to enable CNG by default. I'll close this when I flip the default.
Comment 21 Commit Notification 2018-07-04 07:07:39 UTC
Miklos Vajna committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=3c01b8cc4f15df16b4373855b8797d5dcff59327

tdf#106854 svl windows: enable CNG by default

It will be available in 6.2.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.