source/text/shared/guide/digitalsign_send.xhp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

<?xml version="1.0" encoding="UTF-8"?>
<helpdocument version="1.0">

<!--
 * This file is part of the LibreOffice project.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * This file incorporates work covered by the following license notice:
 *
 *   Licensed to the Apache Software Foundation (ASF) under one or more
 *   contributor license agreements. See the NOTICE file distributed
 *   with this work for additional information regarding copyright
 *   ownership. The ASF licenses this file to you under the Apache
 *   License, Version 2.0 (the "License"); you may not use this file
 *   except in compliance with the License. You may obtain a copy of
 *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
 -->


<meta>
      <topic id="textsharedguidedigitalsign_sendxhp" indexer="include" status="PUBLISH">
         <title xml-lang="en-US" id="tit">Applying Digital Signatures</title>
         <filename>/text/shared/guide/digitalsign_send.xhp</filename>
      </topic>
   </meta>
   <body>
<bookmark xml-lang="en-US" branch="index" id="bm_id7430951"><bookmark_value>signing documents with digital signatures</bookmark_value>
      <bookmark_value>digital signatures;getting/managing/applying</bookmark_value>
</bookmark><comment>mw transferred one entry from digital_signatures.xhp and added a new entry</comment>
<paragraph xml-lang="en-US" id="hd_id344248" role="heading" level="1"><variable id="digitalsign_send"><link href="text/shared/guide/digitalsign_send.xhp">Applying Digital Signatures</link>
</variable></paragraph><comment>MW created this file by splitting shared/guide/digital_signatures.xhp</comment>
<paragraph xml-lang="en-US" id="par_idN1063C" role="heading" level="2">Getting a Certificate</paragraph>
<paragraph xml-lang="en-US" id="par_idN10640" role="paragraph">You can get a certificate from a certification authority. No matter if you choose a governmental institution or a private company it is common to be charged for this service, for example when they certify your identity. Few other authorities issue certificates free of costs, like the Open Source Project <link href="https://www.CAcert.org/"><emph>CAcert</emph></link> which is based on the well-known and reliable Web of Trust model and is of growing popularity.</paragraph>
      <paragraph xml-lang="en-US" id="par_idN106F6" role="heading" level="2">Managing your Certificates</paragraph>
<switch select="sys">
<case select="UNIX">
    <paragraph xml-lang="en-US" id="par_idN1071D" role="paragraph">If you are using Linux, macOS or Solaris, you must install a recent version of Thunderbird or Firefox. %PRODUCTNAME will then access their certificate storage.</paragraph>
    <paragraph xml-lang="en-US" id="par_idN10720" role="tip">If you have created different profiles in Thunderbird or Firefox and you want to use certificates from one specific user profile, select the profile in <switchinline select="sys"><caseinline select="MAC"><menuitem>%PRODUCTNAME - Preferences</menuitem></caseinline><defaultinline><menuitem>Tools - Options</menuitem></defaultinline></switchinline><menuitem> - Security - Certificate Path</menuitem>. Alternatively, you can set the environment variable MOZILLA_CERTIFICATE_FOLDER to point to the folder containing that profile.</paragraph>
    <list type="ordered">
        <listitem>
            <paragraph xml-lang="en-US" id="par_id944242" role="paragraph">Open your web browser’s preferences, select the <emph>Advanced</emph> section, click on the <emph>Certificates</emph> tab, and then choose <emph>View Certificates</emph>. The <emph>Certificate Manager</emph> dialog will appear.</paragraph>
        </listitem>
        <listitem>
            <paragraph xml-lang="en-US" id="par_id6452223" role="paragraph">Import your new root certificate, then select and edit the certificate. Enable the root certificate to be trusted at least for web and email access. This ensures that the certificate can sign your documents. You may edit any intermediate certificate in the same way, but it is not mandatory for signing documents.</paragraph>
        </listitem>
        <listitem>
            <paragraph xml-lang="en-US" id="par_id6486098" role="paragraph">When you have edited the new certificates, restart %PRODUCTNAME.</paragraph>
        </listitem>
    </list>
</case>
<default>
    <paragraph role="paragraph" id="par_id921519766138177" xml-lang="en-US">On Windows systems, %PRODUCTNAME will access the system certificate storage.</paragraph>
    <paragraph role="paragraph" id="par_id461519763996407" xml-lang="en-US">Your private key for the digital signature will usually be generated and securely stored by Windows as part of the signature-issuance process. Once the issuing Certificate Authority is satisfied that your computer produced the private key and you have satisfied any other identification requirements, the corresponding public key is signed by the Certificate Authority. For personal keys obtained over the Internet, the private key is generated by your browser and it is not shared with the Certificate Authority.</paragraph>
    <paragraph role="paragraph" id="par_id181519764008387" xml-lang="en-US">If a private key is received by other means or you transfer it from another computer, you can install it on your Windows PC by double-clicking on the private key certificate and providing any required password. This private key may be known to others (such as an organizational or governmental security administration) depending on how it was issued to you.</paragraph>
    <paragraph role="paragraph" id="par_id21519764016831" xml-lang="en-US">Public keys of other people used to verify document digital signatures, or encrypt documents for their eyes only, are usually stored in your system with digital certificate-management applications. In some cases you will need to manage those public-key certificates yourself.</paragraph>
    <paragraph role="paragraph" id="par_id351519764024243" xml-lang="en-US">The general management of public and private keys on your PC will vary depending on the version of Windows you are operating. For more information, use the "Help and Support" topic of your Windows version and search for "digital signature".</paragraph>
</default>
</switch>
<paragraph xml-lang="en-US" id="par_idN10681" role="heading" level="2">Signing a document</paragraph>
      <list type="ordered">
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN10688" role="paragraph">Choose <emph>File - Digital Signatures - Digital Signatures</emph>.</paragraph>
         </listitem>
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN10690" role="paragraph">A message box advises you to save the document. Click <emph>Yes</emph> to save the file.</paragraph>
         </listitem>
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN10698" role="paragraph">After saving, you see the <link href="text/shared/01/digitalsignatures.xhp"><emph>Digital Signatures</emph></link> dialog. Click <emph>Add</emph> to add a public key to the document.</paragraph>
         </listitem>
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN106AE" role="paragraph">In the <link href="text/shared/01/selectcertificate.xhp"><emph>Select Certificate</emph></link> dialog, select your certificate and click <emph>OK</emph>.</paragraph>
         </listitem>
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN106C0" role="paragraph">You see again the <emph>Digital Signatures</emph> dialog, where you can add more certificates if you want. Click <emph>OK</emph> to add the public key to the saved file.</paragraph>
         </listitem>
      </list>
      <paragraph xml-lang="en-US" id="par_idN106C3" role="paragraph">A signed document shows an icon
<image id="img_id262764" src="xmlsecurity/res/certificate_16.png" width="0.2228in" height="0.2228in"><alt xml-lang="en-US" id="alt_id262764">Icon</alt></image> in the status bar. You can double-click the icon in the status bar to view the certificate.</paragraph>
      <paragraph xml-lang="en-US" id="par_id2008200911381426" role="paragraph">The result of the signature validation is displayed in the status bar and within the <emph>Digital Signature</emph> dialog. Several documents and macro signatures can exist inside an ODF document. If there is a problem with one signature, then the validation result of that one signature is assumed for all signatures. That is, if there are ten valid signatures and one invalid signature, then the status bar and the status field in the dialog will flag the signature as <emph>invalid</emph>.</paragraph>
      <paragraph xml-lang="en-US" id="par_idN106E0" role="heading" level="2">Signing the macros inside a document</paragraph>
      <paragraph xml-lang="en-US" id="par_idN106E4" role="paragraph">Normally, macros are part of a document. If you sign a document, the macros inside the document are signed automatically. If you want to sign only the macros, but not the document, proceed as follows:</paragraph>
      <list type="ordered">
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN106EA" role="paragraph">Choose <emph>Tools - Macros - Digital Signature</emph>.</paragraph>
         </listitem>
         <listitem>
            <paragraph xml-lang="en-US" id="par_idN106F2" role="paragraph">Apply the signature as described above for documents.</paragraph>
         </listitem>
      </list>
      <paragraph xml-lang="en-US" id="par_idN106F5" role="paragraph">When you open the Basic IDE that contains signed macros, you see an icon
<image id="img_id9252296" src="xmlsecurity/res/certificate_16.png" width="0.2228in" height="0.2228in"><alt xml-lang="en-US" id="alt_id9252296">Icon</alt></image> in the status bar.<br/>You can double-click the icon in the status bar to view the certificate.</paragraph><comment>WebDAV see issue 32935</comment><comment>main dialog IDs are here to lead the user initially to this help page</comment><comment>Examine certificate button</comment>
<!-- removed HID 1311740419 -->
<paragraph xml-lang="en-US" id="par_id5734733" role="paragraph"><ahelp hid="." visibility="hidden">Click to open the <emph>View Certificate</emph> dialog.</ahelp></paragraph><comment>Accept this certificate temporarily for this session radio button</comment>
<!-- removed HID 1311736321 -->
<paragraph xml-lang="en-US" id="par_id561540" role="paragraph"><ahelp hid="." visibility="hidden">Choose this setting to accept the certificate until you exit %PRODUCTNAME.</ahelp></paragraph><comment>Do not accept this certificate and do not connect to this Web site radio button</comment>
<!-- removed HID 1311736326 -->
<paragraph xml-lang="en-US" id="par_id7705618" role="paragraph"><ahelp hid="." visibility="hidden">Choose this setting to cancel the connection.</ahelp></paragraph>
      <section id="relatedtopics">
         <paragraph xml-lang="en-US" id="par_id3204443" role="paragraph"><link href="https://wiki.documentfoundation.org/How_to_use_digital_Signatures">English Wiki page on digital signatures</link></paragraph>
         <paragraph xml-lang="en-US" id="par_id5166173" role="paragraph"><link href="text/shared/guide/digital_signatures.xhp">About digital signatures</link></paragraph>
      </section>
   </body>
</helpdocument>