Ĩesky | english
Signing Documents
Before you can sign documents in OpenOffice (version 2.0 and later) you need to add/import your client certificate. Depending on your OS you firts must add this in the MS Crypto engine (Windows) or you should set a environment variable directing to your Mozilla product which includes your key in it's profile (Solaris, Linux).
Linux/Solaris: You need to export your thunderbird/firefox profile path in the environment variable MOZILLA_CERTIFICATE_FOLDER. For example add this into your ~/.bashrc:
export MOZILLA_CERTIFICATE_FOLDER=~/.mozilla/firefox/Mzg25Tns.default
Please see the proposed solution from OpenOffice: http://wiki.services.openoffice.org/wiki/Certificate_Detection
Windows: In Windows open the "Control Panel-Internet options-Content-Certificates" and add your certificate and your key-pair (normaly one p12 file) to your own certificates (in german Windows installations it's called "Systemsteuerung-Internetoptionen-Inhalte-Zertifikate...").
If you don't already have P12 file with your key-pair and the client certificat in it, you first need to export this out of your browser where it was generated. This is very easily done in firefox (make a "backup" of your own certificates).
Generally: After that you can import your cert into OOo. Follow the instructions in the "File/Digital Signatures..." menue. A german howto you can find at
http://de.openoffice.org/doc/howto_2_0/office/signing.html Signing OOo documents (german article)
See also:
OpenOffice 2.0 supports signing and encryption. See http://specs.openoffice.org/appwide/security/Electronic_Signatures_and_Security.sxw (openoffice format, or a pdf copy at http://bcn.boulder.co.us/~neal/i2/OpenOffice_Electronic_Signatures_and_Security.pdf) for the spec, design details, and a competitive analysis
Verifying Documents
If you want to automatically verify the signatures on OpenOffice documents:
Download XMLSec: http://www.aleksey.com/xmlsec/download.html
Put a CABundle into the file /etc/ssl/cert.pem
> unzip Document.odt > xmlsec1 --verify META-INF/documentsignatures.xml OK SignedInfo References (ok/all): 5/5 Manifests References (ok/all): 0/0
Procedure of signing an OpenOffice document
(Valid for OpenOffice v. 4.1.5, January 2018.)
Getting the signing client certificate
You need a client certificate for signing documents or software/code. That article describes requirements you have to fulfill; see also this summary table. Note the certificate purposes:
- Acquiring a certificate using the menu "Client certificates - New" on the CAcert web page, you must check the box "Show advanced options" and the box "Code signing" in advanced options. If you cannot see that box, you do not fulfil all requirements for the ability to ask for such a certificate, or you did not ask for enabling that feature for your account.
Signing a document
- After a document is opened, go to the following menu:
- The dialog of the digital signing appears.
- Press the button "Sign Document...", and you will see the list of your client certificates. Select the code signing one, then press OK.
- If the selected certificate has the ability to sign code/documents, it will then be listed in the signing dialog. Your document is signed.
A document may be signed with multiple certificates. A sign (or signs) are valid until the signed document remains unchanged. Everyone can see signing certificates in the signing dialog.