When trying to sign an .odt .ods .odg .odp file in LOO 7.0.4.2 win10 x64 (same problem was present at least in 7.0.2) using a digital signature inside an usb token (Gemalto Safenet 5110 specifically), LOO won't show any window asking for token's password, and the document won't be signed at all. The signature IS available and listed in File > Digital Signatures > Sign Document, but when selected (double click on certificate line) nothing will happen, and will be returned to the File > Digital Signatures screen with no signature applied at all. The certificate and private key also appears in windows cert store, and can be used by other applications. This problem DON'T happen when trying to sign PDFs (either already existing PDF (opening it read-only and then using File > Digital Signatures > Sign Document) or when exporting as PDF from LOO ( File > Export As > Export As PDF... > Digital Signatures)). In these cases, a popup will appear asking for the token's password and the signature will be applied to the PDF without any problems. Related: BUG 128092
Could this have something to do with your key manager's timeout? Testing on Ubuntu 20.04, if I apply an OpenPGP signature on an ODT, the password is requested the first time, but if I then remove and re-apply it right after, the password is not requested anymore. On this system, gpg-agent has key caching time limits that I can query with: gpgconf --list-options gpg-agent | grep ttl default-cache-ttl:24:0:expire cached PINs after N seconds:3:3:N:600:: default-cache-ttl-ssh:24:1:expire SSH keys after N seconds:3:3:N:1800:: max-cache-ttl:24:2:set maximum PIN cache lifetime to N seconds:3:3:N:7200:: max-cache-ttl-ssh:24:2:set maximum SSH key lifetime to N seconds:3:3:N:7200:: Meaning, 600 seconds of inactivity, 7200 seconds maximum. Can you please: - update to a currently supported version (7.4 or 7.5) - test again signing a document after a fresh login. Does it still work without entering the password?
Dear 4ae66ceadc, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping
Hi, I got this bug when trying to sign LibreOffice files (.odt .ods .odg .odp ) with an x509 cert (sorry I didn't mention it in the first report, I even think OpenPGP wasn't a thing back then). However, an update: I've updated all the software: * LOO 7.6.2.1 * Gemalto SafeNet Authentication Client 10.8 R9 (10.8.2725.8) - token's drivers - * Still Windows 10 Enterprise LTSC x86_64 tho And the situation is the same: The signature IS available and listed in File > Digital Signatures > Sign Document, but when selected (double click on certificate line) nothing will happen, and will be returned to the File > Digital Signatures screen with no signature applied at all. The certificate and private key also appears in windows cert store, and can be used by other applications. * Tested this time with Thunderbird 115.4.2 The problem just seems to be when trying to sign LOO files, since I can sign PDF files just fine using the File > Export As > Export As PDF... > Digital Signatures. ABOUT SIGNING WITH OPENPGP SIGNATURES: Just tested it (Gpg4win 4.2.0), and I can sign LOO files without any problems (wonderful!) So, the problem seems to occur ONLY when trying LOO files (PDF are ok) with an x509 key/cert. Token appears to function ok since it can be used by every other program to sign/verify, and even LibreOffice seems to be capable to access it considering Draw can use the stored certs to sign existing PDFs correctly (I can do this even without having gpg4win installed, so I would say it doesn't rely on it at all -speaking of x509 signatures-).
[Automated Action] NeedInfo-To-Unconfirmed
Thank you very much for the extra details. Let's mark as duplicate of bug 94903 then, see in particular bug 94903 comment 17. *** This bug has been marked as a duplicate of bug 94903 ***