<?xml version="1.0" encoding="UTF-8"?>
<helpdocument version="1.0">
<!--***********************************************************
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 ***********************************************************-->

<meta>
   <topic id="textsharedguidedigital_signaturesxhp" indexer="include">
      <title xml-lang="en-US" id="tit">About Digital Signatures</title>
      <filename>/text/shared/guide/digital_signatures.xhp</filename>
   </topic>
</meta>
<body>
<bookmark xml-lang="en-US" branch="index" id="bm_id7430951"><bookmark_value>certificates</bookmark_value>
   <bookmark_value>digital signatures;overview</bookmark_value>
   <bookmark_value>security;digital signatures</bookmark_value>
</bookmark><comment>mw moved 1 entry to digitalsign_send.xhp and made "digital signatures" a two level entry and added a new entry</comment>
<paragraph xml-lang="en-US" id="hd_id2767418" role="heading" level="1" l10n="NEW"><variable id="digital_signatures"><link href="text/shared/guide/digital_signatures.xhp">About Digital Signatures</link>
</variable></paragraph>
   <paragraph xml-lang="en-US" id="par_idN10632" role="paragraph" l10n="NEW">In %PRODUCTNAME, you can digitally sign your documents and macros.</paragraph>
   <paragraph xml-lang="en-US" id="hd_id6564531" role="heading" level="2" l10n="NEW">Certificates</paragraph>
   <paragraph xml-lang="en-US" id="par_idN10639" role="paragraph" l10n="NEW">To sign a document digitally, you need a personal key, the certificate. A personal key is stored on your computer as a combination of a private key, which must be kept secret, and a public key, which you add to your documents when you sign them.</paragraph>
   <paragraph xml-lang="en-US" id="par_idN1066D" role="heading" level="2" l10n="NEW">Save and sign the document</paragraph>
   <paragraph xml-lang="en-US" id="par_idN10671" role="paragraph" l10n="NEW">When you apply a digital signature to a document, a kind of checksum is computed from the document's content plus your personal key. The checksum and your public key are stored together with the document.</paragraph>
   <paragraph xml-lang="en-US" id="par_idN10674" role="heading" level="2" l10n="NEW">Open a signed document</paragraph>
   <paragraph xml-lang="en-US" id="par_idN10678" role="paragraph" l10n="NEW">When someone later opens the document on any computer with a recent version of %PRODUCTNAME, the program will compute the checksum again and compare it with the stored checksum. If both are the same, the program will signal that you see the original, unchanged document. In addition, the program can show you the public key information from the certificate.</paragraph>
   <paragraph xml-lang="en-US" id="par_idN1067B" role="paragraph" l10n="NEW">You can compare the public key with the public key that is published on the web site of the certificate authority.</paragraph>
   <paragraph xml-lang="en-US" id="par_idN1067E" role="paragraph" l10n="NEW">Whenever someone changes something in the document, this change breaks the digital signature. After the change, there will be no sign that you see the original document.</paragraph>
   <paragraph xml-lang="en-US" id="par_id2008200911381426" role="paragraph" l10n="NEW">The result of the signature validation is displayed in the status bar and within the Digital Signature dialog. Several document and macro signatures can exist inside an ODF document. If there is a problem with one signature, then the validation result of that one signature is assumed for all signatures. That is, if there are ten valid signatures and one invalid signature, then the status bar and the status field in the dialog will flag the signature as invalid.</paragraph>
   <paragraph xml-lang="en-US" id="par_id0821200911571878" role="paragraph" l10n="NEW">You can see any of the following icons and messages when you open a signed document.</paragraph>
   <table id="tbl_id0821200912400398">
      <tablerow>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504050" role="tablehead" l10n="NEW">Icon in Status bar</paragraph>
         </tablecell>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504061" role="tablehead" l10n="NEW">Signature status</paragraph>
         </tablecell>
      </tablerow>
      <tablerow>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504010" role="tablecontent" l10n="NEW">
<image id="img_id0821200912421569" src="xmlsecurity/res/certificate_16.png" width="0.1665in" height="0.1665in"><alt xml-lang="en-US" id="alt_id0821200912421569">Icon</alt>
            </image></paragraph>
         </tablecell>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504189" role="tablecontent" l10n="NEW">The signature is valid.</paragraph>
         </tablecell>
      </tablerow>
      <tablerow>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id082120091250418" role="tablecontent" l10n="NEW">
<image id="img_id0821200912431081" src="xmlsecurity/res/notcertificate_16.png" width="0.1665in" height="0.1665in"><alt xml-lang="en-US" id="alt_id0821200912431081">Icon</alt>
            </image></paragraph>
         </tablecell>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504133" role="tablecontent" l10n="NEW">The signature is OK, but the certificates could not be validated.</paragraph>
            <paragraph xml-lang="en-US" id="par_id0821200912504165" role="tablecontent" l10n="NEW">The signature and the certificate are OK, but not all parts of the document are signed. (For documents that were signed with old versions of the software, see note below.)</paragraph>
         </tablecell>
      </tablerow>
      <tablerow>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504237" role="tablecontent" l10n="NEW">
<image id="img_id0821200912435090" src="xmlsecurity/res/caution_11x16.png" width="0.1665in" height="0.1146in"><alt xml-lang="en-US" id="alt_id0821200912435090">Icon</alt>
            </image></paragraph>
         </tablecell>
         <tablecell>
            <paragraph xml-lang="en-US" id="par_id0821200912504233" role="tablecontent" l10n="NEW">The signature is invalid.</paragraph>
         </tablecell>
      </tablerow>
   </table>

   <paragraph xml-lang="en-US" id="hd_id0821200910191787" role="heading" level="3" l10n="NEW">Signatures and software versions</paragraph>
   <paragraph xml-lang="en-US" id="par_id0821200910191747" role="paragraph" l10n="NEW">The signing of contents was changed with OpenOffice.org 3.2 and StarOffice 9.2. Now all contents of the files, except the signature file itself (META-INF/documentsignatures.xml), are signed.</paragraph>
   <paragraph xml-lang="en-US" id="par_id0821200910191774" role="paragraph" l10n="NEW">When you sign a document with OpenOffice.org 3.2 or StarOffice 9.2 or a later version, and you open that document in an older version of the software, the signature will be displayed as "invalid". Signatures created with older versions of the software will be marked with "only parts of the documents are signed" when loaded in the newer software.</paragraph>
   <paragraph xml-lang="en-US" id="par_id2008200911583098" role="note" l10n="NEW">When you load an ODF document, you might see an icon in the status bar and the status field in the dialog that indicates that the document is only partially signed. This status will appear when the signature and certificate are valid, but they were created with a version of OpenOffice.org before 3.2 or StarOffice before 9.2. In versions of OpenOffice.org before 3.0 or StarOffice before 9.0, the document signature was applied to the main contents, pictures and embedded objects only and some contents, like macros, were not signed. In OpenOffice.org 3.0 and StarOffice 9.0 the document signature was applied to most content, including macros. However, the mimetype and the content of the META-INF folder were not signed. And in OpenOffice.org 3.2 and StarOffice 9.2 all contents, except the signature file itself (META-INF/documentsignatures.xml), are signed.</paragraph>
   <paragraph xml-lang="en-US" id="hd_id9354228" role="heading" level="2" l10n="NEW">Security Warnings</paragraph>
   <paragraph xml-lang="en-US" id="par_id2372508" role="paragraph" l10n="NEW">When you receive a signed document, and the software reports that the signature is valid, this does not mean that you can be absolutely sure that the document is the same one that the sender sent. Signing documents with software certificates is not a perfectly secure method. Numerous ways are possible to circumvent the security features.</paragraph>
   <paragraph xml-lang="en-US" id="par_id7953123" role="paragraph" l10n="NEW">Example: Think about someone who wants to camouflage his identity to be a sender from your bank. He can easily get a certificate using a false name, then send you any signed e-mail pretending he is working for your bank. You will get that e-mail, and the e-mail or the document within has the "valid signed" icon.</paragraph>
   <paragraph xml-lang="en-US" id="par_id6195257" role="paragraph" l10n="NEW">Do not trust the icon. Inspect and verify the certificates.</paragraph>
   <paragraph xml-lang="en-US" id="par_id8635517" role="warning" l10n="CHG">The validation of a signature is not a legally binding guarantee of any kind.</paragraph>
   <paragraph xml-lang="en-US" id="par_id6075624" role="paragraph" l10n="NEW">On Windows operating systems, the Windows features of validating a signature are used. On Solaris and Linux systems, files that are supplied by Thunderbird, Mozilla or Firefox are used. You must ensure that the files that are in use within your system are really the original files that were supplied by the original developers. For malevolent intruders, there are numerous ways to replace original files with other files that they supply.</paragraph>
   <paragraph xml-lang="en-US" id="par_id6819971" role="warning" l10n="NEW">The messages about validation of a signature that you see in %PRODUCTNAME are the messages that the validation files return. The %PRODUCTNAME software has no way to ensure that the messages reflect the true status of any certificate. The %PRODUCTNAME software only displays the messages that other files that are not under control of %PRODUCTNAME report. There is no legal responsibility of %PRODUCTNAME that the displayed messages reflect the true status of a digital signature.</paragraph>
   <section id="relatedtopics">
      <paragraph xml-lang="en-US" id="par_id3204443" role="paragraph" l10n="NEW"><link href="https://wiki.openoffice.org/wiki/How_to_use_digital_Signatures">English Wiki page on digital signatures</link></paragraph>
      <paragraph xml-lang="en-US" id="par_id486465" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_send.xhp">Applying digital signatures</link></paragraph>
      <paragraph xml-lang="en-US" id="par_id3448591" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_receive.xhp">Opening a document using WebDAV over HTTPS</link></paragraph>
   </section>
</body>
</helpdocument>
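<!-- Added example, not part of the original help file or of the project's code: a coverage check for the "Signatures and software versions" section. It lists which package files each signature in META-INF/documentsignatures.xml leaves unsigned; it does not verify digests or certificates. Assumptions: signed files appear as xmldsig Reference URIs, the helper names are hypothetical, the sample package is constructed, and the worst-case aggregation extends the page's rule for invalid signatures to partial coverage.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

SIG_FILE = "META-INF/documentsignatures.xml"  # path named on the page
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # W3C XML Signature namespace

def signature_coverage(package_bytes):
    """Return one (status, unsigned_files) pair per signature in the package."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        files = {n for n in pkg.namelist() if not n.endswith("/")}
        if SIG_FILE not in files:
            return []
        root = ET.fromstring(pkg.read(SIG_FILE))
    must_sign = files - {SIG_FILE}  # everything except the signature file itself
    results = []
    for sig in root.iter(DSIG + "Signature"):
        signed = set()
        for ref in sig.iter(DSIG + "Reference"):
            uri = ref.get("URI", "")
            if uri and not uri.startswith("#"):  # "#..." points inside the signature
                signed.add(unquote(uri))
        missing = sorted(must_sign - signed)
        results.append(("partial" if missing else "full", missing))
    return results

def overall_status(results):
    """Worst case wins (assumption: the page's aggregation rule applied to coverage)."""
    if not results:
        return "unsigned"
    return "partial" if any(s == "partial" for s, _ in results) else "full"

def build_sample(signed_names):
    """Constructed ODF-like package; the signature carries no real digest values."""
    refs = "".join('<Reference URI="%s"/>' % n for n in signed_names)
    sig_xml = ('<document-signatures xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">'
               '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
               + refs + '<Reference URI="#ID_props"/></SignedInfo></Signature></document-signatures>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("mimetype", "content.xml", "Basic/Standard/Module1.xml", "META-INF/manifest.xml"):
            z.writestr(name, "constructed")
        z.writestr(SIG_FILE, sig_xml)
    return buf.getvalue()
```

-->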