Bug 98545 - Digital signature with elliptic curve certificate not working
Summary: Digital signature with elliptic curve certificate not working
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
(earliest affected) release
Hardware: All Windows (All)
: medium normal
Assignee: Miklos Vajna
Depends on:
Blocks: Digital-Signatures
  Show dependency treegraph
Reported: 2016-03-09 10:15 UTC by eric.deschamps13
Modified: 2019-01-17 07:54 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:
Regression By:


Note You need to log in before you can comment on or make changes to this bug.
Description eric.deschamps13 2016-03-09 10:15:27 UTC
On a windows 7 platform, I have two certificates available in the keystore: one RSA certificate and one ELC nist256 certificate.

I am able to view and sign an odt document with the RSA certificate but I am not able to view the ELC certificate in the LibreOffice popup window, thus not being able to sign the document.

I have the same behaviour whether the certificates are stored locally (ie. on the hard disk) or externally (ie. on a smart card).
Comment 1 Cor Nouws 2017-05-18 07:40:09 UTC
Hi eric,

Maybe unrelated, but I mention it anyway: https://vmiklos.hu/blog/xmlsec-lo54.html
Comment 2 Xisco Faulí 2017-05-23 22:00:18 UTC
Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Comment 3 Miklos Vajna 2017-05-24 07:45:19 UTC
No need to test, this is a known problem. ECDSA works with NSS (Linux, macOS), but not with CryptoAPI (Windows). The hard part is CryptoAPI won't support this, which means most probably the whole Windows signing has to be ported to CNG first, and then it can support ECDSA. This affects libxmlsec + the mscrypto part of xmlsecurity/.
Comment 4 QA Administrators 2019-01-17 04:02:53 UTC Comment hidden (obsolete)
Comment 5 Miklos Vajna 2019-01-17 07:54:21 UTC
https://vmiklos.hu/blog/xmlsec-cng-ecsa.html LO 6.2 is meant to accept ECDSA certificates on Windows, I implemented the certificate chooser support for that in commit 93e33ba279e837356e157745177d7f6061d442b7. I did not mention this bug in the commit message as I forgot that this was already reported. So let's mark this as resolved.