Bug 36970 - Help on Managing Digital Signatures is incorrect
Summary: Help on Managing Digital Signatures is incorrect
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Documentation (show other bugs)
(earliest affected)
Inherited From OOo
Hardware: Other All
: medium normal
Assignee: Olivier Hallot
Whiteboard: target:6.1.0
: 36971 36972 (view as bug list)
Depends on:
Blocks: HelpGaps-NewFeatures Help
  Show dependency treegraph
Reported: 2011-05-08 08:43 UTC by orcmid
Modified: 2018-02-27 23:45 UTC (History)
4 users (show)

See Also:
Crash report or crash signature:


Note You need to log in before you can comment on or make changes to this bug.
Description orcmid 2011-05-08 08:43:39 UTC
The Help Pack for Windows is incorrect under the digital signature subtopic getting/managing/applying.  On-line information was also incorrect the last time I checked.

The Managing your Certificates is just wrong.  It talks about Trusted Root Authorities lists and that has nothing to do with personal Private Key certificates.

Recommendation 1 (Short Term): Delete the subtopic

Recommendation 2 (Longer Term): Replace the topic with something more informative.  The following coverage is suggested:

Your digital signature private key will usually be generated and securely stored by Windows as part of the signature-issuance ceremony.  Once the issuing Certificate Authority authority is satisfied that your computer produced the private key and you have satisfied any other identification requirements, the corresponding public key is signed by the Certificate Authority.  (For personal keys obtained over the Internet, the private key is generated by your browser and it is not shared with the Certificate Authority.)

If a private key is received by other means or you transfer it from another computer, you can install it on your Windows PC by double-clicking on the private key certificate and providing any required password.  This private key may be known to others (such as an organizational or governmental security administation) depending on how it was issued to you.

Public keys of others that you use to verify documents signed by them and to encrypt by digital signature for their eyes only tend to be retained on your system by the software products that provide confirmation of those signatures and that support encryption using public keys of others.  In some cases you will need to manage those public-key certificates yourself.

The general management of public and private keys on your PC will vary depending on the version of Windows you are operating.  For more information, use the "Help and Support" topic of your Windows version and search for "digital signature".
Comment 1 Björn Michaelsen 2011-12-23 12:06:46 UTC Comment hidden (obsolete)
Comment 2 Florian Reisinger 2012-08-14 14:04:01 UTC Comment hidden (obsolete)
Comment 3 Florian Reisinger 2012-08-14 14:04:54 UTC Comment hidden (obsolete)
Comment 4 Florian Reisinger 2012-08-14 14:09:22 UTC Comment hidden (obsolete)
Comment 5 Florian Reisinger 2012-08-14 14:11:22 UTC Comment hidden (obsolete)
Comment 6 sasha.libreoffice 2012-09-04 11:55:57 UTC
nobody tested yet
Comment 7 sasha.libreoffice 2012-09-04 11:56:45 UTC
*** Bug 36971 has been marked as a duplicate of this bug. ***
Comment 8 sasha.libreoffice 2012-09-04 11:57:59 UTC
*** Bug 36972 has been marked as a duplicate of this bug. ***
Comment 9 Alex Thurgood 2012-09-05 11:04:14 UTC
My testing on and Windows XP, if I open the Digital Signature dialog, and click on the "Help" button, I get taken to the general help index. In theory, this should take the user directly to the help topic, assuming one is available.

I have the French version of LO, and the help topics on "Overview" and "Obtaining/Managing/Applying" signatures seems to be correct there, so can not confirm for locale fr_FR.

This WFM.

Comment 10 Alex Thurgood 2012-09-05 11:05:30 UTC
orcmid : please try with one of the latest release versions or a recent developer build, and report back.
Comment 11 QA Administrators 2013-05-29 14:00:06 UTC Comment hidden (obsolete)
Comment 12 Thomas Hackert 2013-07-04 15:38:23 UTC
Hello prcmid, *,
would you be so kind to answer Alex' question from comment 10, please? I also would be interested, if it is fixed in a newer version of LO than 3.4.0 Beta4 ... ;)
Sorry for the inconvenience
Comment 13 orcmid 2013-07-04 16:31:36 UTC

Thank you for your direct request.  I have provided confirmation below.

I have ignored all of the NEEDINFO business because it was part of automated house-keeping.  As the submitter, it made something my job that I felt was unnecessary.

 1. No person has made a request for more information that would clarify any question about the bug report.

 2. I am asked to report whether it is fixed or not, without any indication that anyone took action that might have fixed it.  I.e., "we did something about this, would you look at it to confirm that we've resolve the issue you reported?"

None of that happened.  I did considerable work to identify the problem (without providing screen captures and keyboard sequences) and to propose a solution (well, in the context of how Windows does it).

In fact, there has been no change.  The situation is the same as it apparently has been for years.


[Done 2013-07-04T16:24Z using embedded Help with LibreOffice on Windows en-x86.]

 1. Open LibreOffice Writer with a blank document.
 2. Click Help and get LibreOffice embedded Help.
 3. In the Index, Search term tab, type "digital signatures"
 4. When the "digital signatures" term scrolls up, click the "getting/managing/applying" subtopic.
 5. Read the Managing Certificates topic.  That is wrong.  Getting new root certificates is something you can do.  It has nothing to do with having your own private key certificate and how it ends up in a protected key store on your machine.  

It is true that a recipient of something signed by you needs a trusted root certificate to verify the authenticity of your *public* key, because it is counter-signed by the CA, but that is a different part of the protocol that is not addressed in this topic at all.

Going into details probably requires explanation of how this is different on different platforms.  I gave a lengthy suggestion as something that could be adapted for the Windows case.  It is probably best to link form embedded help to more-extensive explanations in on-line help, on a wiki, or somewhere that provides factual information about this.

Finally, I would like to point out that it is remarkable to suggest on that same page that signing macros is worthless for a document that is signed.  That's not true.  

Unless it is simply implemented horribly wrong, the signatures on macros should survive editing of the document so long as a signed macro is not edited.  That's the point of having macros signed, so that they can be trusted by people when they are found in documents and when they are reused too.  When a signed document is edited, that is no reason to invalidate the separately-created signatures on embedded macros that are not touched, whether or not still used.
Comment 14 orcmid 2013-07-04 16:47:29 UTC
(In reply to comment #12)
> Hello prcmid, *,
> would you be so kind to answer Alex' question from comment 10, please? I
> also would be interested, if it is fixed in a newer version of LO than 3.4.0
> Beta4 ... ;)
> Sorry for the inconvenience
> Thomas.

Thanks for your request.  I have provided confirmation that the poor embedded help remains.  

The defective text is from way back and is identical in Apache OpenOffice 3.4.1.  (I haven't checked the 4.0 yet, but I'd be amazed for it to have changed.  I don't recall if I ever made the same bug report on the Apache Bugzilla.  I don't think so.)

Of course, my contributions here are subject to my contribution declaration provided to TDF, so Apache can use it to.  It would probably be better all around if I got it fixed on Apache OpenOffice where you can then use all of it that suits LibreOffice too.
Comment 15 orcmid 2013-07-05 19:02:09 UTC
(In reply to comment #14)
It would probably be better all
> around if I got it fixed on Apache OpenOffice where you can then use all of
> it that suits LibreOffice too.

There was no report on this against OpenOffice.org or Apache OpenOffice.  I have opened a companion bug report on the Apache OPenOffice Bugzilla at https://issues.apache.org/ooo/show_bug.cgi?id=122697

Any further contributions that I make on this defect will be tied to that bug report.  Those contributions are automatically licensed to anyone under a declaration that I have already recorded.  Any update by the project will be under Apache License Version 2.0 as well.
Comment 16 QA Administrators 2013-07-08 21:22:34 UTC Comment hidden (obsolete)
Comment 17 Commit Notification 2018-02-27 21:39:40 UTC
Olivier Hallot committed a patch related to this issue.
It has been pushed to "master":


tdf#36970 Revisit digital signature help content