Created attachment 176908 [details] DOC_conv24-sig.pdf The signed document is unfortunately not pdf-A-compliant. After the export it is, but it is not ok, to silently remove the signature
Please clarify: PDF signing only works with x509 certificates kindly confirm if x509 certificates were used. more info: https://bugs.documentfoundation.org/show_bug.cgi?id=115884 Hello, Thank you for reporting the bug. Can you please confirm if the issue still exists in the latest build? Could you please try to reproduce it with a master build from https://dev-builds.libreoffice.org/daily/master/ ? You can install it alongside the standard version. I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the master build.
Dear Ralf Hauser, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping
I can confirm something similar, on macOS when exporting to PDF/A-3a. I have an EIDAS hardware certificate (USB key) issued by CertEurope that uses Trusted Key Manager for making the key available to the OS. I have set up a security device per the supplier's recommendations in Firefox so that the key is readable in a Firefox profile session after entry of a PIN associated with the certificate on the physical USB key. I can use this key to digitally & validly sign PDF files separately in Adobe Reader. I can also use the key within Firefox (via the security device configuration tool under Security & Certificates) to login to a court CMS for which the certificate and key are required for the filing of signed and authenticated transactions with the court CMS. However, in LibreOffice, after the usual idiocy (bug 147291 or bug 153626) of not being able to find a Certificate Manager, I can finally get LO to display an entry dialog for the PIN, when I click directly on the "Sign" button (which otherwise shows no available certificates). I can then sign an ODT, but LibreOffice reports that it could not verify the signature. One has to ask how it can activate the digital signature and not be able to validate it ? What use is a X509 signature that isn't validated by the software application that adds it to the document ? CertEurope uses SHA-256 with RSA Encryption. If I export the signed ODT to PDF(A/3b), opening the PDF in Adobe Reader doesn't show the document as being signed, it seems that the signature is silently removed, or not compliant with the PDF-A spec. If I create an ODT without a signature, export to PDF using the signature tab (which finds my X509 cert), the signature is considered valid in the PDF when opened in Adobe Reader. Am I missing something, or does signing X590 within the ODT not do anything actually useful, and is it scrubbed when exporting the signed ODT to PDF/A2/3 ?
Dear Ralf Hauser, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-FollowUp
At a minimum, this report could have been converted to a RFE, such as "Support Electronic Signature Types Other Than X.509 in PDF Export".