In Windows 7 LO uses Windows certificates system store (which makes sense) to sign ODF and PDF. But with Start Certificate Manager it starts Kleopatra (which then doesn't make sense). Start Certificate Manager should start Certificates (Certmgr.msc), a Microsoft Management Console (MMC) snap-in.
On Win 10 it says "Could not find any certificate manager." File - Digital Signatures - Digital Signatures - Start certificate manager Version: 7.1.0.0.alpha0+ (x64) Build ID: df74aef7159d7155addf78cfc4d139485945d794 CPU threads: 4; OS: Windows 10.0 Build 19041; UI render: default; VCL: win Locale: fi-FI (fi_FI); UI: en-US Calc: threaded
Hi! I'm running a Windows 7 x64 which has the gpg4win package installed on another drive and LibreOffice 7.0.3.1 is unable to pick it up for PGP keys. May be a whole "Path to gpg4win directory" UI interface would be useful. On a Windows 10 box, same LibreOffice version, and gpg4win installed on C: has no trouble finding the PGP keys. Cheers, Dario Susman
The defined apps for certificate management seems to be fixed in the code https://opengrok.libreoffice.org/xref/core/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx?r=9940f077#456 And certmgr.msc is not listed there. So I guess user *must* install one of the hard-coded tools to sign in windows 10. Also, not sure certmgr.msc can handle GPG, which may be the reason for forcing gpg4win -> doc. (still LibreOffice cannot find X509 certs (Cacert) in the list of available certs)
Thanks for comment. Seems that this should be changed so that there's option where from both certificates are used and certificates store started.
Windows has a certification manager implemented, but I don't see how to add a WoT/GPG key there. Kleopatra / Gpg4Win does - and I see both personal keys from the MS storage (MSO access) and GPG in the list of available signatures in LibreOffice. "Start Citation Manager" runs Kleopatra (although does not bring the dialog to front) and I wonder if changing this to the MS manager makes sense. Kind of duplicate to 142279 IMO.
I think a basic misunderstanding is, that "Start Certificate Manager" is for GPG only. That button didn't exist before GPG integration, when documents could only be signed with X.509. So I think this bug is basically a misunderstanding and the button should be renamed "Start Certificate Manager". So I'd say this bug is either invalid or the title should be changed to: "Clarify that "Start Certificate Manager" is for GPG and not for X.509" Additionally there should be at least a hint in the "Certificate Manager" window from where the X.509 certificates are being loaded. As far as I know LibreOffice loads X.509 only from Mozilla profiles and not from any OS (operating system) certificate stores. (reading from Mozilla was probably much easier to implement, then all the OS specific stores on Windows, macOS, Debian, ...) https://git.libreoffice.org/core/+/a3150fc8a59662ce8630cfc64fec9cd083ac7d36/connectivity/source/drivers/mozab/bootstrap/MNSFolders.cxx#65 Distantly related: https://bugs.documentfoundation.org/show_bug.cgi?id=156891#c5
Moritz Duge committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/a833f9dfc7e1f0bd865c01d9b777cd44b8a6f767 tdf#133941 tdf#161909: Label the "Certificate Manager" with "GPG". It will be available in 25.2.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Adolfo Jayme Barrientos committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/help/commit/b8f378c137df5311da024b67b61e230ad1d3d8f0 tdf#115884 tdf#133941 tdf#161909 Update help text to match UI
@Timur So it seems there was a misunderstanding about the functionality of the existing "Certificate Manager" button at the beginning of this ticket. I changed to UI in August 2024, so it reflects that the existing button is only for GPG (OpenPGP). See comment #6 -> So would it be OK to close the ticket now? Or should the ticket stay open to get a second button for the X.509 certificate management? I guess having an extra X.509 management button would implicate some work. Because on Windows certmgr.msc is being used, while all other platforms use profiles from Mozilla software for X.509. And it's even not obvious which Mozilla binary to start for that. Thunderbird, Firefox or SeaMonkey and you may have multiple installations of each at random places. In theory it would be nice to have a single certificate management for all. But in practice I see no easy solution for that. Windows and macOS inbuild certificate managers (certmgr.msc and macOS Keychain) only support X.509 as far as I know. Kleopatra+GPG would in theory be an alternative, but users need to install it first and I guess Windows X.509 users strongly prefer certmgr.msc.