Bug 158839 (OpenPGP) - [META] OpenPGP bugs and enhancements
Summary: [META] OpenPGP bugs and enhancements
Status: NEW
Alias: OpenPGP
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
unspecified
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on: 113192 133941 155012 157724 159586 159587 160701 161910 108828 115884 152524 155125 156344 156352 156979 159040 159307 160184 161871 161909 162395
Blocks:
  Show dependency treegraph
 
Reported: 2023-12-23 15:27 UTC by steve
Modified: 2024-08-08 13:32 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description steve 2023-12-23 15:27:11 UTC
Description:
Meta bug for known issues and open feature requests around OpenPGP usage in LibreOffice.

Steps to Reproduce:
meta bug

Actual Results:
meta bug

Expected Results:
still a meta bug


Reproducible: Always


User Profile Reset: No

Additional Info:
meta bug
Comment 1 Moritz Duge (allotropia) (a.k.a. kolAflash) 2024-05-27 13:12:12 UTC
I found some problems with GPG and related NSS (X.509) problems, for which no bug report seems to exist yet. So I list them here to keep track of them. Please feel free to formulate separate tickets for them.


By the way, this is how I understand the terminology.
OpenPGP: open technical standard
PGP: initial proprietary software from which OpenPGP originated
GnuPG (short GPG): Open Source implementation by GNU
So LibreOffice encrypts and signs by the OpenPGP standard, using GnuPG as keyring.


Save dialog -> Password and GPG encryption:
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/sfx2/source/dialog/filedlghelper.cxx#1420
`mbPwdCheckBoxState` becomes also set to true if the file is OpenPGP encrypted. (not with a password)
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/sfx2/source/dialog/filedlghelper.cxx#1538
LO also asks for a password if `CHECKBOX_GPGENCRYPTION` && `CHECKBOX_PASSWORD` are checked. But only encrypts using GPG and discards the password.


GPG "Certificate Manager" for OpenPGP:
Make clear, that the the term "Certificate Manager" refers to the GPG keyring for OpenPGP keys.
(GPG can also handle X.509, but LibreOffice doesn't use that feature)
The GPG "Certificate Manager" is NOT for X.509. Instead for LibreOffice uses Mozilla (Firefox, Thunderbird, SeaMonkey) to manage X.509 certificates.
The term "Certificate Manager" is found here:
- File -> Digital Signatures -> Digital Signatures...
  -> Certificate Chooser -> Start Certificate Manager
- Options -> LibreOffice -> Security -> Certificate Manager
It runs one of these programs as GUI for managing GPG.
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx#74
Here's a bug report, which is a mess up resulting from this obscurity:
https://bugs.documentfoundation.org/show_bug.cgi?id=133941#c6
"Start Certificate Manager in Windows should start certificates system store"
FUTURE TODO:
Think about loading OpenPGP keys and X.509 certificates from a common source. Either Thunderbird (Firefox has no OpenPGP) or GnuPG/GPG. Both can manage OpenPGP and X.509.
(Thunderbird >= 78 introduced it's own OpenPGP store in 2020)


CertificateChooser dialog:
Give a hint, that the X.509 keys are from Mozilla (Firefox / Thundebird / SeaMonkey), but the GPG keys are from GnuPG and NOT from Mozilla. (Thunderbird >= 78 introduced an internal GPG keyring in 2020)
More problems in this dialog:
- Table has column headers for `Issued to`, `Issued by` and `Expiration date`.
  But the column only contains `Issued to` stretched to full width.
  - REGRESSION (working in LO-7.4)
  - Outdated X.509 certificates can't be identified.
- Filtering doesn't work for X.509 (only for GPG).
- X.509 and PGP entries for the same identity (email / name) can't be easily distinguished.
  - Workaround: misuse use broken filtering *(see below)* to tell GPG and X.509 apart 🤪


Encrypt ODF:
CertificateChooser lists GPG keys for ENCRYPTION which are marked for SIGNING ONLY.
Error message when encrypting: "OpenPGP key not trusted, damaged, or encryption failure. Please try again."
GNUPGHOME=libreoffice.git/test/signing-keys has a sign-only and an encrypt-only PUBLIC key.
TODO: Add private test keys with sign-only and encrypt-only to test the other way around when signing.


Broken window resize rules:
View Certificate  # can't read long lines in "Details" tab, resize blocked
Options -> LibreOffice -> Security -> Certificate Path / Certificate


X.509: ODF signing: X.509 signing doesn't work
REGRESSION
Worked for outdated and for valid certificates in LO-7.4.
Broken in: LO-24.8.0.0.alpha1+ (Build ID: 71f3be3bee2e8a07f85594c02a9b44627b219e95)
Valid certificate - stderr:
warn:xmlsecurity.xmlsec:3979175:3979175:xmlsecurity/source/xmlsec/errorcallback.cxx:54: x509vfy.c:480: xmlSecNssX509StoreVerifyCert() '' '' 71 'subject="E=EMAIL@EXAMPLE.ORG,CN=FIRSTNAME LASTNAME"; reason=-8179'
Outdated certificate - stderr:
warn:xmlsecurity.xmlsec:3976088:3976088:xmlsecurity/source/xmlsec/errorcallback.cxx:54: x509vfy.c:470: xmlSecNssX509StoreVerifyCert() '' '' 76 'subject="E=EMAIL@EXAMPLE.ORG,CN=FIRSTNAME LASTNAME"; reason=expired'


X.509 & GPG: PDF signing:
Linked bug 115884 because it's a problem for X.509 caused by the introduction of GPG.
https://bugs.documentfoundation.org/show_bug.cgi?id=115884#c18
"PDF signing should mention it only works with x509 certificates"


X.509: NSS Password dialog:
Make clear that a Mozilla profile password is requested and for which Mozilla profile.
The dialog currently only states:
"Enter password to open file: NSS Certificate DB"
(normal users won't even know what's "NSS")


X.509: CertificateChooser:
Make clear from which Mozilla profile the X.509 keys are loaded. Else the user might look for a key from another profile. It's NOT enough to show this hint in NSS Password dialog, because Mozilla profile might not have a password.
Additionally the dialog only shows one X.509 certificate per email and it's unclear which one (probably the one imported into Thunderbird first). That's a problem when outdated certificates are not deleted from Thunderbird, which is common practice to continue reading ole mails.
Related:
https://bugs.documentfoundation.org/show_bug.cgi?id=119811
"LibreOffice 6.0.6 spies on my Firefox keychain when opening MS documents"
Comment 2 Commit Notification 2024-05-27 20:18:41 UTC
Moritz Duge committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/55e74a33c757ffa40ce2ea50d986c60b9c84732b

Related tdf#158839: pw and GPG encryption, add comments and TODOs

It will be available in 24.8.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 3 steve 2024-06-02 15:57:30 UTC
Can you please file individual bugs, ideally one problem per bug. This here is a meta bug. You can then connect your bugs with this meta bug here.
Comment 4 Moritz Duge (allotropia) (a.k.a. kolAflash) 2024-07-02 14:34:48 UTC
(In reply to steve from comment #3)
> Can you please file individual bugs, ideally one problem per bug. [...]
Sorry for that. I was a little short on time.
Here's the first separate two bugs:

Bug 161871:
Certificate Chooser -> regression 9f327102c: columns broken, users may explicitly use X.509 or GPG, usage needed (no preselection implemented)
(set as dependency for this GPG meta bug)

Bug 161872:
regression: ODF X.509 signing doesn't work since libxmlsec 1.2.37 -> 1.3.1
(turns out this has probably nothing to do with GPG, so I didn't made it a dependency of this GPG meta bug)