Signature process in LibreOffice 6.3
mikekaganski at hotmail.com
Fri Feb 7 17:56:08 UTC 2020
On 2020-02-07 18:46, Steve Martin wrote:
> After I signed the document, I decompressed it again and copied the
> meta.xml file into the Thumbnails directory. Thanks to the previously
> added file entry in the manifest.xml file, I can now compress all the
> partial files back into a ZIP archive and open the document with
> LibreOffice as normal, without being shown the message that the file is
> However, I don't understand why do I get now the message that the
> signature is not valid? I decompressed the ODT document with the invalid
> signature and compared the documentsignatures.xml file contained in the
> META-INF folder with the documentsignatures.xml file that was created
> immediately after the signature was created. Both files are exactly the
> same and neither contain the value "Thumbnails/meta.xml" in the URI
> attribute in the <Reference> elements.
> Since none of the files that are listed in the documentsignatures.xml
> were manipulated, the signature should be valid? Or is there another
> signature somewhere besides the XML signature about the file structure
> of the ODT document?
OASIS OpenDocument version 1.2 sect. 3.16 Document Signatures  :
> Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 3.5 of the OpenDocument specification part 3. Document signatures shall contain a <ds:Reference> element for each file within the package, with the exception that <ds:Reference> elements for the META-INF/documentsignatures.xml file containing the signature, and any files contained in the package whose relative path starts with "external-data/" should be omitted.
Note that "Document signatures shall contain a <ds:Reference> element
*for each file within the package*", and the contents of Thumbnails is
not listed aming the exceptions.
More information about the LibreOffice