Description: Meta bug for known issues and open feature requests around OpenPGP usage in LibreOffice.

Steps to Reproduce: meta bug
Actual Results: meta bug
Expected Results: still a meta bug
Reproducible: Always
User Profile Reset: No
Additional Info: meta bug
I found some problems with GPG and related NSS (X.509) problems, for which no bug report seems to exist yet. So I list them here to keep track of them. Please feel free to formulate separate tickets for them.

By the way, this is how I understand the terminology:
- OpenPGP: open technical standard
- PGP: initial proprietary software from which OpenPGP originated
- GnuPG (short GPG): Open Source implementation by GNU
So LibreOffice encrypts and signs by the OpenPGP standard, using GnuPG as keyring.

Save dialog -> Password and GPG encryption:
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/sfx2/source/dialog/filedlghelper.cxx#1420
`mbPwdCheckBoxState` also gets set to true if the file is OpenPGP encrypted. (not with a password)
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/sfx2/source/dialog/filedlghelper.cxx#1538
LO also asks for a password if `CHECKBOX_GPGENCRYPTION` && `CHECKBOX_PASSWORD` are checked. But it only encrypts using GPG and discards the password.

GPG "Certificate Manager" for OpenPGP:
Make clear that the term "Certificate Manager" refers to the GPG keyring for OpenPGP keys. (GPG can also handle X.509, but LibreOffice doesn't use that feature)
The GPG "Certificate Manager" is NOT for X.509. Instead LibreOffice uses Mozilla (Firefox, Thunderbird, SeaMonkey) to manage X.509 certificates.
The term "Certificate Manager" is found here:
- File -> Digital Signatures -> Digital Signatures... -> Certificate Chooser -> Start Certificate Manager
- Options -> LibreOffice -> Security -> Certificate Manager
It runs one of these programs as GUI for managing GPG:
https://git.libreoffice.org/core/+/ca5c9591ba38ad83415a2d4ced98bfc74d30b032/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx#74
Here's a bug report, which is a mess-up resulting from this obscurity:
https://bugs.documentfoundation.org/show_bug.cgi?id=133941#c6 "Start Certificate Manager in Windows should start certificates system store"

FUTURE TODO: Think about loading OpenPGP keys and X.509 certificates from a common source. Either Thunderbird (Firefox has no OpenPGP) or GnuPG/GPG. Both can manage OpenPGP and X.509. (Thunderbird >= 78 introduced its own OpenPGP store in 2020)

CertificateChooser dialog:
Give a hint that the X.509 keys are from Mozilla (Firefox / Thunderbird / SeaMonkey), but the GPG keys are from GnuPG and NOT from Mozilla. (Thunderbird >= 78 introduced an internal GPG keyring in 2020)
More problems in this dialog:
- Table has column headers for `Issued to`, `Issued by` and `Expiration date`. But the column only contains `Issued to` stretched to full width.
- REGRESSION (working in LO-7.4)
- Outdated X.509 certificates can't be identified.
- Filtering doesn't work for X.509 (only for GPG).
- X.509 and PGP entries for the same identity (email / name) can't be easily distinguished.
- Workaround: misuse broken filtering *(see below)* to tell GPG and X.509 apart 🤪

Encrypt ODF:
CertificateChooser lists GPG keys for ENCRYPTION which are marked for SIGNING ONLY.
Error message when encrypting: "OpenPGP key not trusted, damaged, or encryption failure. Please try again."
GNUPGHOME=libreoffice.git/test/signing-keys has a sign-only and an encrypt-only PUBLIC key.
TODO: Add private test keys with sign-only and encrypt-only to test the other way around when signing.

Broken window resize rules:
- View Certificate # can't read long lines in "Details" tab, resize blocked
- Options -> LibreOffice -> Security -> Certificate Path / Certificate

X.509: ODF signing:
X.509 signing doesn't work. REGRESSION
Worked for outdated and for valid certificates in LO-7.4.
Broken in: LO-24.8.0.0.alpha1+ (Build ID: 71f3be3bee2e8a07f85594c02a9b44627b219e95)
Valid certificate - stderr:
warn:xmlsecurity.xmlsec:3979175:3979175:xmlsecurity/source/xmlsec/errorcallback.cxx:54: x509vfy.c:480: xmlSecNssX509StoreVerifyCert() '' '' 71 'subject="E=EMAIL@EXAMPLE.ORG,CN=FIRSTNAME LASTNAME"; reason=-8179'
Outdated certificate - stderr:
warn:xmlsecurity.xmlsec:3976088:3976088:xmlsecurity/source/xmlsec/errorcallback.cxx:54: x509vfy.c:470: xmlSecNssX509StoreVerifyCert() '' '' 76 'subject="E=EMAIL@EXAMPLE.ORG,CN=FIRSTNAME LASTNAME"; reason=expired'

X.509 & GPG: PDF signing:
Linked bug 115884 because it's a problem for X.509 caused by the introduction of GPG.
https://bugs.documentfoundation.org/show_bug.cgi?id=115884#c18 "PDF signing should mention it only works with x509 certificates"

X.509: NSS Password dialog:
Make clear that a Mozilla profile password is requested and for which Mozilla profile. The dialog currently only states: "Enter password to open file: NSS Certificate DB" (normal users won't even know what "NSS" is)

X.509: CertificateChooser:
Make clear from which Mozilla profile the X.509 keys are loaded. Else the user might look for a key from another profile. It's NOT enough to show this hint in the NSS Password dialog, because the Mozilla profile might not have a password.
Additionally the dialog only shows one X.509 certificate per email and it's unclear which one (probably the one imported into Thunderbird first). That's a problem when outdated certificates are not deleted from Thunderbird, which is common practice to continue reading old mails.
Related: https://bugs.documentfoundation.org/show_bug.cgi?id=119811 "LibreOffice 6.0.6 spies on my Firefox keychain when opening MS documents"
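The comment above reports that the CertificateChooser offers sign-only OpenPGP keys for encryption and cannot flag outdated keys. The following is an added example, not LibreOffice or GnuPG code: a small Python parser for the machine-readable listing that `gpg --with-colons --list-keys` (or `--list-secret-keys`) prints, which selects only keys whose capability letters and validity code actually allow the requested operation. The sample listing is constructed for this example (it is not the `libreoffice.git/test/signing-keys` keyring), and the code also accepts the `sec`/`ssb` records of a secret-key listing, which the comment does not discuss.

```python
"""Select OpenPGP keys by capability and validity from gpg's colon listing.

Added example (not LibreOffice or GnuPG code). Input is the format documented
in GnuPG's doc/DETAILS for `gpg --with-colons`; the sample listing below is
constructed for this example, not taken from a real keyring.
"""
import time
from dataclasses import dataclass, field
from typing import List, Optional

# Field-2 validity codes for which gpg itself will not use a (sub)key:
# e=expired, r=revoked, i=invalid, d=disabled, n=never trust.
UNUSABLE = {"e", "r", "i", "d", "n"}


@dataclass
class KeyPart:
    keyid: str
    validity: str
    capabilities: str        # own capability letters: e=encrypt, s=sign, c=certify, a=auth
    expires: Optional[int]   # unix timestamp from field 7, or None if the key never expires


@dataclass
class Key:
    primary: KeyPart
    fingerprint: str = ""
    uids: List[str] = field(default_factory=list)
    subkeys: List[KeyPart] = field(default_factory=list)

    def parts(self) -> List[KeyPart]:
        return [self.primary] + self.subkeys


def _key_part(f: List[str]) -> KeyPart:
    # Field 12 mixes lowercase letters (this key's own capabilities) with
    # uppercase summary letters for the whole key; keep only the former.
    own = "".join(ch for ch in f[11] if ch.islower())
    expires = int(f[6]) if f[6].isdigit() else None
    return KeyPart(keyid=f[4], validity=f[1], capabilities=own, expires=expires)


def parse_colon_listing(text: str) -> List[Key]:
    """Group pub/sec, fpr, uid and sub/ssb records into Key objects."""
    keys: List[Key] = []
    current: Optional[Key] = None
    for line in text.splitlines():
        f = line.split(":")
        rtype = f[0]
        if rtype in ("pub", "sec") and len(f) >= 12:
            current = Key(primary=_key_part(f))
            keys.append(current)
        elif current is None:
            continue                         # e.g. the leading "tru" record
        elif rtype in ("sub", "ssb") and len(f) >= 12:
            current.subkeys.append(_key_part(f))
        elif rtype == "fpr" and len(f) >= 10 and not current.fingerprint:
            current.fingerprint = f[9]       # first fpr after pub is the primary's
        elif rtype == "uid" and len(f) >= 10:
            current.uids.append(f[9])
    return keys


def usable_for(key: Key, purpose: str, now: int) -> bool:
    """True if some valid, unexpired part of the key carries the needed capability."""
    want = {"encrypt": "e", "sign": "s"}[purpose]
    if key.primary.validity in UNUSABLE:     # expired/revoked primary disables everything
        return False
    return any(
        want in p.capabilities
        and p.validity not in UNUSABLE
        and (p.expires is None or p.expires > now)
        for p in key.parts()
    )


def select_keys(keys: List[Key], purpose: str, now: Optional[int] = None) -> List[Key]:
    now = int(time.time()) if now is None else now
    return [k for k in keys if usable_for(k, purpose, now)]


# Constructed sample: a sign-only key, an encrypt-only key (certify-only primary
# with an encryption subkey) and an expired key that could once do both.
SAMPLE_NOW = 1700000001
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:255:22:1111111111111111:1700000000:::u:::scSC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1700000000::UIDHASH1::Sign Only <sign-only@example.org>::::::::::0:
pub:u:255:22:2222222222222222:1700000000:::u:::cEC::::::23::0:
fpr:::::::::2222222222222222222222222222222222222222:
uid:u::::1700000000::UIDHASH2::Encrypt Only <encrypt-only@example.org>::::::::::0:
sub:u:255:18:2222222222222223:1700000000::::::e::::::23:
fpr:::::::::2222222222222222222222222222222222222223:
pub:e:255:22:3333333333333333:1500000000:1600000000::u:::scESC::::::23::0:
fpr:::::::::3333333333333333333333333333333333333333:
uid:e::::1500000000::UIDHASH3::Expired <expired@example.org>::::::::::0:
sub:e:255:18:3333333333333334:1500000000:1600000000:::::e::::::23:
"""

if __name__ == "__main__":
    parsed = parse_colon_listing(SAMPLE_LISTING)
    for purpose in ("encrypt", "sign"):
        chosen = [k.primary.keyid for k in select_keys(parsed, purpose, SAMPLE_NOW)]
        print(purpose, "->", chosen)
```

On the constructed sample, only the encrypt-only key is offered for "encrypt" and only the sign-only key for "sign"; the expired key is dropped for both because gpg already marks it `e` in the validity field, independent of the timestamp. The same two checks (own capability letter present, validity not in the unusable set) are what a chooser dialog would need before listing a key for a given operation.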
Moritz Duge committed a patch related to this issue. It has been pushed to "master":

https://git.libreoffice.org/core/commit/55e74a33c757ffa40ce2ea50d986c60b9c84732b

Related tdf#158839: pw and GPG encryption, add comments and TODOs

It will be available in 24.8.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Can you please file individual bugs, ideally one problem per bug. This here is a meta bug. You can then connect your bugs with this meta bug here.
(In reply to steve from comment #3)
> Can you please file individual bugs, ideally one problem per bug. [...]

Sorry for that. I was a little short on time. Here are the first two separate bugs:

Bug 161871: Certificate Chooser -> regression 9f327102c: columns broken, users may explicitly use X.509 or GPG, usage needed (no preselection implemented)
(set as dependency for this GPG meta bug)

Bug 161872: regression: ODF X.509 signing doesn't work since libxmlsec 1.2.37 -> 1.3.1
(turns out this has probably nothing to do with GPG, so I didn't make it a dependency of this GPG meta bug)