Bug 133941 - Start Certificate Manager in Windows should start certificates system store
Summary: Start Certificate Manager in Windows should start certificates system store
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework (show other bugs)
Version:
(earliest affected)
5.4.0.3 release
Hardware: All Windows (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: implementationError
Depends on:
Blocks: Digital-Signatures OpenPGP
  Show dependency treegraph
 
Reported: 2020-06-12 19:17 UTC by Timur
Modified: 2024-05-27 13:12 UTC (History)
8 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Timur 2020-06-12 19:17:54 UTC
In Windows 7 LO uses Windows certificates system store (which makes sense) to sign ODF and PDF.
But with Start Certificate Manager it starts Kleopatra (which then doesn't make sense).
Start Certificate Manager should start Certificates (Certmgr.msc), a Microsoft Management Console (MMC) snap-in.
Comment 1 Buovjaga 2020-10-19 15:44:21 UTC
On Win 10 it says "Could not find any certificate manager."
File - Digital Signatures - Digital Signatures - Start certificate manager

Version: 7.1.0.0.alpha0+ (x64)
Build ID: df74aef7159d7155addf78cfc4d139485945d794
CPU threads: 4; OS: Windows 10.0 Build 19041; UI render: default; VCL: win
Locale: fi-FI (fi_FI); UI: en-US
Calc: threaded
Comment 2 Dario Andres Susman 2020-11-25 18:33:18 UTC
Hi!
I'm running a Windows 7 x64 which has the gpg4win package installed on another drive and LibreOffice 7.0.3.1 is unable to pick it up for PGP keys. 
May be a whole "Path to gpg4win directory" UI interface would be useful.

On a Windows 10 box, same LibreOffice version, and gpg4win installed on C: has no trouble finding the PGP keys.

Cheers,
Dario Susman
Comment 3 Olivier Hallot 2021-09-15 19:10:50 UTC
The defined apps for certificate management seems to be fixed in the code

https://opengrok.libreoffice.org/xref/core/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx?r=9940f077#456

And certmgr.msc is not listed there.

So I guess user *must* install one of the hard-coded tools to sign in windows 10.

Also, not sure certmgr.msc can handle GPG, which may be the reason for forcing gpg4win

-> doc.

(still LibreOffice cannot find X509 certs (Cacert) in the list of available certs)
Comment 4 Timur 2021-09-16 08:01:58 UTC
Thanks for comment. 
Seems that this should be changed so that there's option where from both certificates are used and certificates store started.
Comment 5 Heiko Tietze 2023-06-13 09:42:46 UTC
Windows has a certification manager implemented, but I don't see how to add a WoT/GPG key there. Kleopatra / Gpg4Win does - and I see both personal keys from the MS storage (MSO access) and GPG in the list of available signatures in LibreOffice. "Start Citation Manager" runs Kleopatra (although does not bring the dialog to front) and I wonder if changing this to the MS manager makes sense.

Kind of duplicate to 142279 IMO.
Comment 6 Moritz Duge 2024-05-24 22:37:27 UTC
I think a basic misunderstanding is, that "Start Certificate Manager" is for GPG only. That button didn't exist before GPG integration, when documents could only be signed with X.509.

So I think this bug is basically a misunderstanding and the button should be renamed "Start Certificate Manager".
So I'd say this bug is either invalid or the title should be changed to:
"Clarify that "Start Certificate Manager" is for GPG and not for X.509"

Additionally there should be at least a hint in the "Certificate Manager" window from where the X.509 certificates are being loaded. As far as I know LibreOffice loads X.509 only from Mozilla profiles and not from any OS (operating system) certificate stores.
(reading from Mozilla was probably much easier to implement, then all the OS specific stores on Windows, macOS, Debian, ...)
https://git.libreoffice.org/core/+/a3150fc8a59662ce8630cfc64fec9cd083ac7d36/connectivity/source/drivers/mozab/bootstrap/MNSFolders.cxx#65

Distantly related:
https://bugs.documentfoundation.org/show_bug.cgi?id=156891#c5