diff options
author | Miklos Vajna <vmiklos@collabora.com> | 2024-11-08 08:21:18 +0100 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2024-11-08 21:40:22 +0100 |
commit | 12e50825370dae276d44bea84b3eb2941b401220 (patch) | |
tree | 4ddeb8990d9ef5d0fa7998844c63521b15650c40 /chart2/import_setup.mk | |
parent | e44f566a2c901d9c761759a20bbd767f18795d5b (diff) |
cool#9992 lok doc sign, hash extract: initial getCommandValues('Signature')
The trouble with signing via ca/cert/key PEM files is that usually the
CA is not trusted by the received of the signature. 3rd-party services
are available to do generate trusted signatures, but then you need to
share your document with them, which can be also problematic.
A middle-ground here is to sign the hash of the document by a 3rd-party,
something that's supported by e.g.
<https://docs.eideasy.com/electronic-signatures/api-flow-with-file-hashes-pdf.html>
(which itself aggregates a number of providers).
As a first step, add LOK API to get what would be the signature time
during signing -- but instead of actually signing, just return this
information. Once the same is done with the doc hash, this is supposed
to provide the same info than what the reference
<https://github.com/eideasy/eideasy-external-pades-digital-signatures>
app does.
This is only a start: incrementally replace XCertificate with
SignatureContext, which allows aborting the signing right before calling
into NSS, and also later it'll allow injecting the PKCS#7 object we get
from the 3rd-party.
Change-Id: I108564f047fdb4fb796240c7d18a584cd9044313
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176279
Tested-by: Jenkins
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'chart2/import_setup.mk')
0 files changed, 0 insertions, 0 deletions