Description:
I made a simple test case against Writer and Draw. A user would typically create a Writer document and export it as PDF before sharing either the latter or both with a third party. The real challenge is digitally signing both of them. While the task went smoothly with Writer, Draw was plain dumb. I understand that PAdES is quite complex, but I expect at least the minimal BASELINE-B level (even without a visible signature) to be working flawlessly. In order to rule out a potential problem with my signing certificate and/or algorithm, I used a free online service (pkitools.net) to sign my PDF. To ensure that the pkitools.net signature is valid, I used ETSI's signatures conformance checker.

Steps to Reproduce:
1. Open Writer app, edit a sample document and save it.
2. Sign the saved odt document (File→Digital Signatures→Digital Signatures...)
3. File→Export as→Export as PDF...
4. File→Digital Signatures→Sign Existing PDF...

Actual Results:
The whole process is straightforward (simple and intuitive). Draw will open up the PDF file in read-only mode, awaiting user's action. Upon selecting the certificate as usual then pressing the Sign button (within the Select Certificate dialog), nothing happens: no warnings or errors. Nada!

Expected Results:
The PDF is digitally signed.

Reproducible: Always

User Profile Reset: No

Additional Info:
I didn't spell check my document, so please ignore any typos or grammar errors.
Created attachment 201387 [details] LibreOffice_Digital_Signatures_Test.odt This is the original document that I signed in Writer w/o any problem.
Created attachment 201388 [details] LibreOffice_Digital_Signatures_Test.pdf This is the exported PDF version of the original document. This is also the PDF that Draw couldn't sign or didn't know how to.
Created attachment 201389 [details] LibreOffice_Digital_Signatures_Test.signed.PAdES.baseline-b.ETSI.CAdES.detached.pdf This is the digitally signed version of the very same PDF. As already explained, I used the free online service pkitools.net. Obviously, given the complexities of PAdES, there are issues with that implementation as well. The visible signature option (checkbox tick) would not work and return a server error. Due to my self-imposed validation requirements, I chose the ETSI way.
Created attachment 201390 [details] Report_from_signatures-conformance-checker.etsi.org.zip This is the ETSI validation result (ran against the previously signed PDF).
Created attachment 201406 [details] Adobe_PDF_Visual_Signature_Personalization.pdf This PDF's content shall be treated as a related RFE. It would be nice to catch up on Adobe's lead and offer advanced features in LO as well.
Created attachment 201419 [details] Visible_Digital_Signature_Personalization.odg As already suspected, there is no trouble at all with LO's native formats. This odg sample was signed in Draw w/o any problem.
Created attachment 201420 [details] LibreOffice_Digital_Signatures_Test.ods This ods sample was signed in Calc w/o any problem.
Created attachment 201421 [details] Libre_Office_Digital_Signatures_Test.odp This odp sample was signed in Impress w/o any problem.
One last thought: it would be nice/beneficial if LO would implement an automatic DS conversion for already signed native documents (preSigned) that would translate from CAdES/XAdES to PAdES during PDF export action/process. That way, the resulting PDF will inherit DS from its source/parent document.
Yesterday, I had another look at the problem and I searched for a better workaround than using various online services. During this second pass, I spent a little bit of time trying to understand the PAdES levels (profiles). It's quite obvious that LT/LTA introduce additional complexities, thus I decided to focus on the basic profile. During my trial and error, I also generated a new SA certificate for signing, hoping to be more "validation friendly". It wasn't, but at least I was happy with my newly discovered solution/workaround. It's an OSS project called "openpdfsign". The official website is https://www.openpdfsign.org. With this tool, I could easily place a "visible digital signature" onto a new PDF sample. And the best of it, all from the comfort of my terminal. In the next update, I will attach both: the PDF sample signed with the old/original SA cert and the one signed with the new SA cert. Of course, at first sight, they look similar, yet they are not.
Created attachment 201815 [details] Printer_Test_Page_DS_old_SA_crt.pdf Visible PDF digital signature (with the old SA certificate).
Created attachment 201816 [details] Printer_Test_Page_DS_new_SA_crt.pdf Visible PDF digital signature (with the new SA certificate).
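Added example, not part of the original report or of LibreOffice's code: because the Sign button is reported to fail with no warning or error, a raw-byte scan can confirm whether a PDF actually carries a signature dictionary, whether its SubFilter is the PAdES value `ETSI.CAdES.detached` (as in the attachment name above), and whether its ByteRange covers the whole file. The function names and the sample bytes are constructed for illustration; the scan assumes an uncompressed signature dictionary and does not validate the CMS signature itself.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SUBFILTER = re.compile(rb"/SubFilter\s*/([\w.]+)")

def find_signatures(pdf: bytes) -> list:
    """Return one record per /ByteRange (one per signature) found in the raw bytes."""
    found = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = map(int, m.groups())
        # Limit the SubFilter search to the object that holds this ByteRange.
        start = max(pdf.rfind(b" obj", 0, m.start()), 0)
        end = pdf.find(b"endobj", m.end())
        sub = SUBFILTER.search(pdf[start:end if end != -1 else len(pdf)])
        hole = pdf[a + b:c]  # bytes excluded from the digest
        found.append({
            "subfilter": sub.group(1).decode() if sub else None,
            # The only unsigned gap should be the /Contents hex string itself.
            "hole_is_contents": hole.startswith(b"<") and hole.endswith(b">"),
            # The newest signature should start at 0 and reach the last byte.
            "covers_whole_file": a == 0 and c + d == len(pdf),
        })
    return found

def make_sample(signed: bool) -> bytes:
    """Constructed PDF-like bytes with a placeholder /Contents (no real CMS data)."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    if not signed:
        return head + b"%%EOF\n"
    def pre(b=0, c=0, d=0):
        return head + (b"2 0 obj\n<< /Type /Sig /SubFilter /ETSI.CAdES.detached"
                       b" /ByteRange [0 %010d %010d %010d] /Contents " % (b, c, d))
    hole = b"<" + b"00" * 16 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    b = len(pre())  # fixed-width numbers keep the offsets stable
    return pre(b, b + len(hole), len(tail)) + hole + tail

if __name__ == "__main__":
    for label, data in (("unsigned", make_sample(False)), ("signed", make_sample(True))):
        print(label, find_signatures(data) or "no signature dictionary found")
```

An empty result for the file Draw was asked to sign confirms that no signature was written; a record with `covers_whole_file` false on the newest signature means bytes were appended after signing.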