Bug 113560 - Digital signature for PDF not working with CACert
Summary: Digital signature for PDF not working with CACert
Status: RESOLVED INSUFFICIENTDATA
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework
Version: 5.4.2.2 release (earliest affected)
Hardware: All Linux (All)
Importance: medium normal
Assignee: Not Assigned
Blocks: Digital-Signatures
Reported: 2017-10-31 21:19 UTC by Olivier Hallot
Modified: 2021-05-12 03:59 UTC

Description Olivier Hallot 2017-10-31 21:19:15 UTC
Can't sign PDF with valid CACert X.509 certificate

Steps to reproduce:

1) Menu File - Open - Digital Signatures - Sign an existing PDF

2) Select the PDF to sign. The file opens in DRAW, with 2 buttons in info bar: Edit document and Sign document

3) Click on Sign document. The Digital signatures dialog opens. There are no previous signatures listed here.

4) Click on Sign document. The Select certificate dialog opens.

5) Select the certificate, click OK

Results: Nothing happens.

Details of the certificate used:

CACert WoT User

Valid until 4/29/2018

E = support@cacert.org
CN = CA Cert Signing Authority
OU = http://www.cacert.org
O = Root CA

Usage: Assinatura digital, Criptografia da chave, Acordo de chave
(Digital signature, key cryptography, key negotiation)

Certificate was validated.
Comment 1 Jesus M. Gonzalez-Barahona 2017-11-16 10:38:31 UTC
I can confirm exactly this is happening to me on GNU/Linux Debian testing, LibreOffice 5.4.1.2.0+, compilation id 1:5.4.1-1, X86_64.

I'm using a valid X.509 certificate, found as trusted by both LibreOffice and Firefox:

Version: V3

Issuer:

CN = AC FNMT Usuarios
OU = Ceres
O = FNMT-RCM
C = ES
(accepted manually in Firefox as valid CA)

Subject algo: PKCS #1 RSA Encryption
Comment 2 Timur 2018-02-28 11:42:43 UTC
Can you please explain how you got CACert in the Sign document - Select certificate dialog? I don't see CACert there, just other certs, although I have CACert in Kleopatra. It's Windows 7.
And please test again with master. I noticed there were no error warnings for cert manager in 5.4 while there are now.
Comment 3 Timur 2018-06-28 06:49:32 UTC Comment hidden (obsolete)
Comment 4 Jesus M. Gonzalez-Barahona 2018-06-28 07:36:22 UTC
My certificate was not CA-Cert, but produced by the Spanish FNMT. I cannot easily test with master, but I will try with the newest version of LibreOffice I can install. I'm on a Debian Linux box, though.
Comment 5 Juan Jose Pablos 2018-10-07 23:32:10 UTC
It works for me.
Both the FNMT and the CACERT.org work just fine.


Versión: 6.1.2.1
Id. de compilación: 65905a128db06ba48db947242809d14d3f9a93fe
Subprocs. CPU: 8; SO: Linux 3.16; Repres. IU: predet.; VCL: gtk3; 
Flatpak
Configuración regional: es-ES (es_ES.UTF-8); Calc: group threaded
Comment 6 Timur 2018-10-08 10:00:02 UTC
@Juan: thank you. Can you please confirm with master? And please make a screencast (e.g. with Simple Screen Recorder) or screenshot of how you choose the certificate.

I'm on Mint 18.3 and "Sign Document.." doesn't list my CAcert that is shown with Seahorse Passwords and Keys.
Maybe we have a limitation here just to Kleopatra. So please write your certificate manager.

@Jesus: can you also confirm please?

You normally get master from https://dev-builds.libreoffice.org/daily/master/ but in Linux it's very convenient to use AppImage from https://www.libreoffice.org/download/appimage/ or, best, daily from https://libreoffice.soluzioniopen.com/.
Comment 7 Juan Jose Pablos 2018-10-17 08:27:01 UTC
@Timur
I am using the Firefox Network Security Services
Tools > Options > LibreOffice > Security > Certificate Root


I am using Debian and Flatpak.
Versión: 6.1.2.1
Id. de compilación: 65905a128db06ba48db947242809d14d3f9a93fe
Subprocs. CPU: 8; SO: Linux 3.16; Repres. IU: predet.; VCL: gtk3; 
Flatpak

Maybe this bug is not as generic as you may think.
Comment 8 vzy 2018-11-07 11:46:18 UTC
@juanjosepablos

Can you please show how to add the certificate path to select Firefox Network Security Services in Tools > Options > LibreOffice > Security > Certificate Path (I click on Add but I just can't find the directory).

I am on Linux Ubuntu 16.04.5, Xenial
LibreOffice 6.1.2.1 release

My valid and trusted FNMT certificate is not recognised, the certificate list appears empty and the certificate manager doesn't launch. It works on Thunderbird though.

Thanks
Comment 9 QA Administrators 2019-11-10 03:48:22 UTC Comment hidden (obsolete)
Comment 10 Timur 2020-06-10 10:52:21 UTC
This is old and not reproducible for me.
So I set NeedInfo.

(In reply to vzy from comment #8)
> @juanjosepablos
> 
> Can you please show how to add the certificate path to select Firefox
> Network Security Services in Tools > Options > LibreOffice > Security >
> Certificate Path (I click on Add but I just can't find the directory).
That's another issue, but I reported it as bug 133852. Could be "Not LO bug". Please also see https://bugs.documentfoundation.org/show_bug.cgi?id=125636#c8.
Comment 11 QA Administrators 2021-04-11 03:35:50 UTC Comment hidden (obsolete)
Comment 12 QA Administrators 2021-05-12 03:59:28 UTC
Dear Olivier Hallot,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INSUFFICIENTDATA due to inactivity and
a lack of information which is needed in order to accurately
reproduce and confirm the problem. We encourage you to retest
your bug against the latest release. If the issue is still
present in the latest stable release, we need the following
information (please ignore any that you've already provided):

a) Provide details of your system including your operating
   system and the latest version of LibreOffice that you have
   confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED
and we will attempt to reproduce the issue. Please do not:

a) respond via email 

b) update the version field in the bug or any of the other details
   on the top section of our bug tracker

Warm Regards,
QA Team

MassPing-NeedInfo-FollowUp