Bug 159040 - provide easy UI to automatically apply digital signature when storing documents
Status: RESOLVED FIXED
Product: LibreOffice
Classification: Unclassified
Component: framework
Version: Inherited From OOo (earliest affected)
Hardware: All All
Importance: medium enhancement
Assignee: Sarper Akdemir (allotropia)
Whiteboard: target:25.2.0
Blocks: Digital-Signatures OpenPGP 162395
Reported: 2024-01-05 16:49 UTC by Michael Stahl (allotropia)
Modified: 2024-08-09 06:06 UTC

Description Michael Stahl (allotropia) 2024-01-05 16:49:51 UTC
currently to apply a digital signature to an ODF/OOXML document, the user has to use the File->Digital Signatures->Digital Signatures... dialog.

this requires that the file is saved first, and after it is signed, the user gets prompted to remember the certificate, and if it is saved again, it will be signed with the same certificate.

but if the user closes the document, the next time it's opened and edited, the user has to go to the same menu item to sign it again.

there are also settings in Tools->Options->User Data to set a default OpenPGP signing key and encryption key, but this only causes this signing key to be pre-selected in the Select Certificate dialog.

it should be possible to make this more user-friendly, to sign with a certificate automatically in some situations.

there is also a privacy aspect to be taken into consideration though: of course the certificate usually contains the user's name and perhaps other personal data, organizational affiliation etc., so probably it's not a good idea to sign *every* document that the user stores.

in general LO supports 2 different kinds of certificate, so an obvious improvement is to add an option for a default X509 certificate in Tools->Options, or extend the current setting to allow selecting X509 in addition to OpenPGP.

then perhaps a checkbox could be added to the file chooser dialog; when storing a file, it already has "Encrypt with GPG key" so it could have a "Sign with default certificate" checkbox too (note this needs adding to ~6 file chooser services).

other ideas would be to automatically sign a document if it's stored encrypted with a password or with a GPG key - perhaps with a Tools->Options checkbox. (but not sure if this is desirable, and it sort of contradicts the previous idea - if there is a checkbox in the file chooser and in Tools->Options how should it work...)

we might have time to implement something here but i'd first like to know how it should work :)
Comment 1 Heiko Tietze 2024-01-22 12:20:48 UTC
(In reply to Michael Stahl (allotropia) from comment #0)
> it should be possible to make this more user-friendly, to sign with a
> certificate automatically in some situations.
I could imagine another checkbox on the save dialog. Although it's an ugly solution right now, perhaps we could replace all the additional non-standard checkboxes with a button "Options" and provide them in an extra dialog. Or use some expanding parent control.

> add an option for a default X509 certificate in Tools->Options
> or extend the current setting to allow selecting X509 in addition to OpenPGP.
Tools > Options > Security > Certificate allows picking a default certificate, doesn't it?

> a checkbox could be added to the file chooser dialog; when
> storing a file, it already has "Encrypt with GPG key" so it could have a
> "Sign with default certificate" checkbox too (note this needs adding to ~6
> file chooser services).
Yes, and the checkbox would be disabled if no default is defined. But I don't get "~6 file chooser services".


In the end I wonder if we should change the workflow much. To me the procedure is some kind of 3rd party tool that modifies the document after processing by LibreOffice. We just make the access a bit more user friendly. Essentially the proposal is to move the command from File > Digital Signature into the Save dialog. Needs to be done for PDF too, of course.
Comment 2 Michael Stahl (allotropia) 2024-01-23 10:27:51 UTC
(In reply to Heiko Tietze from comment #1)
> (In reply to Michael Stahl (allotropia) from comment #0)
> > add an option for a default X509 certificate in Tools->Options
> > or extend the current setting to allow selecting X509 in addition to OpenPGP.

> Tools > Options > Security > Certificate allows to pick a default
> certificate, doesn't it?  

i can only choose a NSS profile directory there, no certificate, and the button doesn't exist on WNT (which doesn't use NSS).
Comment 3 Heiko Tietze 2024-02-01 07:27:17 UTC
We discussed the topic in the design meeting.

The easiest solution might be to have a default signature defined in tools > options > security and just the option to apply it in the save dialog; if a signature other than the default is needed, one would have to use file > digital signature as of today.

To avoid cluttering the save dialog too much with options, we could move them all into a dialog. Or "hide" all checkboxes behind an expander.
Comment 4 Commit Notification 2024-07-24 05:09:18 UTC
Sarper Akdemir committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/426c641976688e3e4d1ce66f76b27ccbd2dca55a

tdf#159040: add sign with default certificate to save dialog

It will be available in 25.2.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 5 Moritz Duge (allotropia) (a.k.a. kolAflash) 2024-08-02 19:21:31 UTC
https://git.libreoffice.org/core/+/426c641976688e3e4d1ce66f76b27ccbd2dca55a%5E%21
The new "Sign with default certificate" checkbox in the "Save as" dialog should only be enabled for supported file types. I guess at least for TXT files no signing is implemented.
This should be similar to:
https://gerrit.libreoffice.org/c/core/+/168001


And maybe it's worth thinking about what happens on signing when a configured key/cert has expired.

In general I think LibreOffice shouldn't forbid signing with an expired key. Because checking the validity is the job of the software which opens the file and not the one which saves the file. And the usage of an old key can be forged anyway by setting the system clock. See also:
bug 161872 comment 11 regression: ODF X.509 signing doesn't work since libxmlsec 1.2.37 -> 1.3.1 (reason: LO >= 24.2 requires trusted CA)

But nevertheless it probably makes sense to warn the user if the configured key has expired when saving with "Sign with default certificate" enabled.
Comment 6 Commit Notification 2024-08-05 11:16:33 UTC
Sarper Akdemir committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/9786f8ea59ccc9225871888d23b5af9ed16a5e5f

tdf#159040 tdf#162206: better the user key selection and test sign with default

It will be available in 25.2.0.
Comment 7 steve 2024-08-08 13:32:36 UTC
Unsure what expected behavior would look like for this issue here.

Saving a document shows an option "Sign with default certificate". I am not using S/MIME, only OpenPGP.

> there are also settings in Tools->Options->User Data to set a default OpenPGP signing key and encryption key, but this only causes this signing key to be pre-selected in the Select Certificate dialog.

I do not see this option in LibreOffice on macOS. Guess that is Preferences > LibreOffice > User Data, where indeed a signing key can be selected.

Hah, and that worked fine.

Here's a follow-up issue to grey out the option in save dialog, when no default signing cert / key is set:
https://bugs.documentfoundation.org/show_bug.cgi?id=162395

I did not verify all ~6n file chooser dialogs, so hesitant to set to verified.