With the release of LibreOffice 5.4.0 today, I’m most happy to announce support for OpenPGP / GnuPG keys when signing ODF documents in LibreOffice under Linux. This is great if you already use GPG/PGP for email with your peers, as it ensures authenticity of your ODF documents regardless of the mode of transport or storage.
For any ODF document, simply navigate to File->Digital signatures in LibreOffice, and the certificate selection dialog will transparently list all suitable signing keys on your system, including those from Kleopatra, KGpg, GPA or Enigmail – that perhaps you’re using already for secure email.
Pick a GPG key, and LibreOffice will delegate all password entry and GPG crypto to tried-and-true system components (the LibreOffice process won’t even see you passphrase):
Sign document with GPG key
We also made signature status much more visible – before, signed documents only had a tiny icon down in the status bar (both for valid, as well as for broken or untrusted signatures – not ideal for noticing). LibreOffice there follows the trend set by browsers, to make security features (and broken trust) much more obvious. Your validly signed document will now show up like this:
InfoBar showing signature status
Work is ongoing on adding support for Windows (and perhaps other platforms) as well – as of today, LibreOffice 5.4 supports this feature only under Linux. Furthermore, we also plan to provide GPG-based encryption of ODF documents (currently, document encryption is based on individual passwords), stay tuned!
This work was generously sponsored by the German federal office for information security (BSI), and of course builds on top of great software like GnuPG – many thanks!
Thorsten's Weblog 
5 Comments
This is fantastic! Thank you for the article!
Any information will we be able to visibly sign pdf documents (or even better odt) in a field like Acrobat?
We thought about it – would be purely a UI feature, since technically it’s just embedding a picture/faksimile of a signature
Excellent! And couldn’t be better timed either, as I was just about to detach-sign a contract using GPG. Just upgraded to 5.4.0 (I’m on OpenSuse Tumbleweed) and it works flawlessly.
Many thanks!
> We thought about it – would be purely a UI feature, since technically it’s just embedding a picture/faksimile of a signature
Thorsten, I would vigorously recommend against that. What happens then, in my experience, is that people assume that because there is an official-looking icon or the scan of an autograph, integrity and non-repudiation can be assumed.
If thinking of going that way, I suggest running tests where users are presented an unsigned document, or one with an invalid signature, containing an autograph or seal-type icon such as Adobe produce, then see how many users, even reasonably technical ones, come to wrong conclusions as to the document’s integrity.
I think OpenPGP is going to evolve forever. As long as we keep up with the latest Encryption methods.
3 Trackbacks/Pingbacks
[…] άλλες proprietary σουίτες γραφείου. Υποστηρίζει πλέον και ψηφιακές υπογραφές σε ODF έγγραφα με χρήση των OpenPGP/GnuPG σε Linux πλατφόρμες, ενισχύοντας την […]
[…] nouvelle version vient aussi avec une amélioration côté signature de documents sous Linux (soutenue par le BSI). En effet, il est désormais possible d’utiliser ses clefs OpenPGP / GnuPG […]
[…] algum tempo, o LibreOffice recebeu o suporte de assinar documentos com o GnuPG em sua versão para Linux. E, agora, com o lançamento da versão 6, esta opção também está disponível para a versão […]