Skip navigation

With the release of LibreOffice 5.4.0 today, I’m most happy to announce support for OpenPGP / GnuPG keys when signing ODF documents in LibreOffice under Linux. This is great if you already use GPG/PGP for email with your peers, as it ensures authenticity of your ODF documents regardless of the mode of transport or storage.

For any ODF document, simply navigate to File->Digital signatures in LibreOffice, and the certificate selection dialog will transparently list all suitable signing keys on your system, including those from Kleopatra, KGpg, GPA or Enigmail – that perhaps you’re using already for secure email.

Pick a GPG key, and LibreOffice will delegate all password entry and GPG crypto to tried-and-true system components (the LibreOffice process won’t even see you passphrase):

Sign document with GPG key

We also made signature status much more visible – before, signed documents only had a tiny icon down in the status bar (both for valid, as well as for broken or untrusted signatures – not ideal for noticing). LibreOffice there follows the trend set by browsers, to make security features (and broken trust) much more obvious. Your validly signed document will now show up like this:

InfoBar showing signature status

Work is ongoing on adding support for Windows (and perhaps other platforms) as well – as of today, LibreOffice 5.4 supports this feature only under Linux. Furthermore, we also plan to provide GPG-based encryption of ODF documents (currently, document encryption is based on individual passwords), stay tuned!

This work was generously sponsored by the German federal office for information security (BSI), and of course builds on top of great software like GnuPG – many thanks!

Advertisements

5 Comments

  1. This is fantastic! Thank you for the article!
    Any information will we be able to visibly sign pdf documents (or even better odt) in a field like Acrobat?

    • We thought about it – would be purely a UI feature, since technically it’s just embedding a picture/faksimile of a signature

  2. Excellent! And couldn’t be better timed either, as I was just about to detach-sign a contract using GPG. Just upgraded to 5.4.0 (I’m on OpenSuse Tumbleweed) and it works flawlessly.

    Many thanks!

  3. > We thought about it – would be purely a UI feature, since technically it’s just embedding a picture/faksimile of a signature

    Thorsten, I would vigorously recommend against that. What happens then, in my experience, is that people assume that because there is an official-looking icon or the scan of an autograph, integrity and non-repudiation can be assumed.

    If thinking of going that way, I suggest running tests where users are presented an unsigned document, or one with an invalid signature, containing an autograph or seal-type icon such as Adobe produce, then see how many users, even reasonably technical ones, come to wrong conclusions as to the document’s integrity.

  4. I think OpenPGP is going to evolve forever. As long as we keep up with the latest Encryption methods.


One Trackback/Pingback

  1. […] άλλες proprietary σουίτες γραφείου. Υποστηρίζει πλέον και ψηφιακές υπογραφές σε ODF έγγραφα με χρήση των OpenPGP/GnuPG σε Linux πλατφόρμες, ενισχύοντας την […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: