The Help Pack for Windows is incorrect under the digital signature subtopic getting/managing/applying. On-line information was also incorrect the last time I checked. The Managing your Certificates is just wrong. It talks about Trusted Root Authorities lists and that has nothing to do with personal Private Key certificates. Recommendation 1 (Short Term): Delete the subtopic Recommendation 2 (Longer Term): Replace the topic with something more informative. The following coverage is suggested: """ Your digital signature private key will usually be generated and securely stored by Windows as part of the signature-issuance ceremony. Once the issuing Certificate Authority authority is satisfied that your computer produced the private key and you have satisfied any other identification requirements, the corresponding public key is signed by the Certificate Authority. (For personal keys obtained over the Internet, the private key is generated by your browser and it is not shared with the Certificate Authority.) If a private key is received by other means or you transfer it from another computer, you can install it on your Windows PC by double-clicking on the private key certificate and providing any required password. This private key may be known to others (such as an organizational or governmental security administation) depending on how it was issued to you. Public keys of others that you use to verify documents signed by them and to encrypt by digital signature for their eyes only tend to be retained on your system by the software products that provide confirmation of those signatures and that support encryption using public keys of others. In some cases you will need to manage those public-key certificates yourself. The general management of public and private keys on your PC will vary depending on the version of Windows you are operating. For more information, use the "Help and Support" topic of your Windows version and search for "digital signature". """
[This is an automated message.] This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it started right out as NEW without ever being explicitly confirmed. The bug is changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases. Details on how to test the 3.5.0 beta1 can be found at: http://wiki.documentfoundation.org/QA/BugHunting_Session_3.5.0.-1 more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html
Dear bug submitter! Due to the fact, that there are a lot of NEEDINFO bugs with no answer within the last six months, we close all of these bugs. To keep this message short, more infos are available @ https://wiki.documentfoundation.org/QA/NeedinfoClosure#Statement Thanks for understanding and hopefully updating your bug, so that everything is prepared for developers to fix your problem. Yours! Florian
nobody tested yet
*** Bug 36971 has been marked as a duplicate of this bug. ***
*** Bug 36972 has been marked as a duplicate of this bug. ***
My testing on 3.6.1.2 and Windows XP, if I open the Digital Signature dialog, and click on the "Help" button, I get taken to the general help index. In theory, this should take the user directly to the help topic, assuming one is available. I have the French version of LO, and the help topics on "Overview" and "Obtaining/Managing/Applying" signatures seems to be correct there, so can not confirm for locale fr_FR. This WFM. Alex
orcmid : please try with one of the latest release versions or a recent developer build, and report back.
Dear Bug Submitter, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INVALID due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/FDO/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team
Hello prcmid, *, would you be so kind to answer Alex' question from comment 10, please? I also would be interested, if it is fixed in a newer version of LO than 3.4.0 Beta4 ... ;) Sorry for the inconvenience Thomas.
@thackert, Thank you for your direct request. I have provided confirmation below. I have ignored all of the NEEDINFO business because it was part of automated house-keeping. As the submitter, it made something my job that I felt was unnecessary. 1. No person has made a request for more information that would clarify any question about the bug report. 2. I am asked to report whether it is fixed or not, without any indication that anyone took action that might have fixed it. I.e., "we did something about this, would you look at it to confirm that we've resolve the issue you reported?" None of that happened. I did considerable work to identify the problem (without providing screen captures and keyboard sequences) and to propose a solution (well, in the context of how Windows does it). In fact, there has been no change. The situation is the same as it apparently has been for years. REPRODUCTION/CONFIRMATION [Done 2013-07-04T16:24Z using embedded Help with LibreOffice 4.0.1.2 on Windows en-x86.] 1. Open LibreOffice Writer with a blank document. 2. Click Help and get LibreOffice embedded Help. 3. In the Index, Search term tab, type "digital signatures" 4. When the "digital signatures" term scrolls up, click the "getting/managing/applying" subtopic. 5. Read the Managing Certificates topic. That is wrong. Getting new root certificates is something you can do. It has nothing to do with having your own private key certificate and how it ends up in a protected key store on your machine. It is true that a recipient of something signed by you needs a trusted root certificate to verify the authenticity of your *public* key, because it is counter-signed by the CA, but that is a different part of the protocol that is not addressed in this topic at all. Going into details probably requires explanation of how this is different on different platforms. I gave a lengthy suggestion as something that could be adapted for the Windows case. It is probably best to link form embedded help to more-extensive explanations in on-line help, on a wiki, or somewhere that provides factual information about this. Finally, I would like to point out that it is remarkable to suggest on that same page that signing macros is worthless for a document that is signed. That's not true. Unless it is simply implemented horribly wrong, the signatures on macros should survive editing of the document so long as a signed macro is not edited. That's the point of having macros signed, so that they can be trusted by people when they are found in documents and when they are reused too. When a signed document is edited, that is no reason to invalidate the separately-created signatures on embedded macros that are not touched, whether or not still used.
(In reply to comment #12) > Hello prcmid, *, > would you be so kind to answer Alex' question from comment 10, please? I > also would be interested, if it is fixed in a newer version of LO than 3.4.0 > Beta4 ... ;) > Sorry for the inconvenience > Thomas. Thanks for your request. I have provided confirmation that the poor embedded help remains. The defective text is from way back and is identical in Apache OpenOffice 3.4.1. (I haven't checked the 4.0 yet, but I'd be amazed for it to have changed. I don't recall if I ever made the same bug report on the Apache Bugzilla. I don't think so.) Of course, my contributions here are subject to my contribution declaration provided to TDF, so Apache can use it to. It would probably be better all around if I got it fixed on Apache OpenOffice where you can then use all of it that suits LibreOffice too.
(In reply to comment #14) It would probably be better all > around if I got it fixed on Apache OpenOffice where you can then use all of > it that suits LibreOffice too. There was no report on this against OpenOffice.org or Apache OpenOffice. I have opened a companion bug report on the Apache OPenOffice Bugzilla at https://issues.apache.org/ooo/show_bug.cgi?id=122697 Any further contributions that I make on this defect will be tied to that bug report. Those contributions are automatically licensed to anyone under a declaration that I have already recorded. Any update by the project will be under Apache License Version 2.0 as well.
Dear Bug Submitter, Please read this message in its entirety before proceeding. Your bug report is being closed as INVALID due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of FDO
Olivier Hallot committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/help/commit/?id=9e31d6fffa7505c009c603f3fd605eea9460958d tdf#36970 Revisit digital signature help content