Signature process in LibreOffice 6.3

Mike Kaganski mikekaganski at hotmail.com
Fri Feb 7 17:56:08 UTC 2020 

Hi,

On 2020-02-07 18:46, Steve Martin wrote:
> After I signed the document, I decompressed it again and copied the 
> meta.xml file into the Thumbnails directory. Thanks to the previously 
> added file entry in the manifest.xml file, I can now compress all the 
> partial files back into a ZIP archive and open the document with 
> LibreOffice as normal, without being shown the message that the file is 
> corrupted.
> 
> However, I don't understand why do I get now the message that the 
> signature is not valid? I decompressed the ODT document with the invalid 
> signature and compared the documentsignatures.xml file contained in the 
> META-INF folder with the documentsignatures.xml file that was created 
> immediately after the signature was created. Both files are exactly the 
> same and neither contain the value "Thumbnails/meta.xml" in the URI 
> attribute in the <Reference> elements.
> 
> Since none of the files that are listed in the documentsignatures.xml 
> were manipulated, the signature should be valid? Or is there another 
> signature somewhere besides the XML signature about the file structure 
> of the ODT document?

OASIS OpenDocument version 1.2 sect. 3.16 Document Signatures [1] :

> Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 3.5 of the OpenDocument specification part 3. Document signatures shall contain a <ds:Reference> element for each file within the package, with the exception that <ds:Reference> elements for the META-INF/documentsignatures.xml file containing the signature, and any files contained in the package whose relative path starts with "external-data/" should be omitted.

Note that "Document signatures shall contain a <ds:Reference> element 
*for each file within the package*", and the contents of Thumbnails is 
not listed aming the exceptions.

[1] 
http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part1.html#__RefHeading__1415062_253892949

-- 
Best regards,
Mike Kaganski

More information about the LibreOffice mailing list