Question about signed documents

classic Classic list List threaded Threaded
8 messages Options
Tom Williams Tom Williams
Reply | Threaded
Open this post in threaded view
|

Question about signed documents

Hi!  I recently learned LibreOffice 6 supports PGP signed documents.  My
question:  why would anyone want to digitally sign a document?

Peace...

"The Other" Tom

--
/When I leave, I don't know what I'm hoping to find,
And when I leave, I don't know what I'm leaving behind.../

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
hymie hymie
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

Tom Williams writes:
>why would anyone want to digitally sign a document?

The two most obvious answers are:

(*) confirm authorship
(*) verify integrity of contents

I'm sure there are plenty of other reasons as well.

--hymie!     http://lactose.homelinux.net/~hymie    [hidden email]

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

James Knott-2 James Knott-2
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

In reply to this post by Tom Williams
On 01/31/2019 10:33 AM, Tom Williams wrote:
> Hi!  I recently learned LibreOffice 6 supports PGP signed documents. 
> My question:  why would anyone want to digitally sign a document?

When you take out a loan, etc., don't you sign the document?  There are
many times you sign things.  This is just  a digital way to verify you
did.  Without this, you'd have to print out the document, sign it and
then get it to the recipient.  With digital signing, you digitally sign
it and then can email it, right from LibreOffice.



--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
Tom Williams Tom Williams
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

In reply to this post by hymie
On 1/31/19 7:38 AM, [hidden email] wrote:
> Tom Williams writes:
>> why would anyone want to digitally sign a document?
> The two most obvious answers are:
>
> (*) confirm authorship
> (*) verify integrity of contents
>
> I'm sure there are plenty of other reasons as well.

Thanks for the reply.  :)   The reason I asked is, I've never considered
the need to digitally sign a document I created or modified in
LibreOffice.  So, I was wondering why anyone would want to do so.  Your
examples make sense.

Peace...

"The Other" Tom

--
/When I leave, I don't know what I'm hoping to find,
And when I leave, I don't know what I'm leaving behind.../

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
Tom Williams Tom Williams
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

In reply to this post by James Knott-2
On 1/31/19 7:50 AM, James Knott wrote:
> On 01/31/2019 10:33 AM, Tom Williams wrote:
>> Hi!  I recently learned LibreOffice 6 supports PGP signed documents.
>> My question:  why would anyone want to digitally sign a document?
> When you take out a loan, etc., don't you sign the document?  There are
> many times you sign things.  This is just  a digital way to verify you
> did.  Without this, you'd have to print out the document, sign it and
> then get it to the recipient.  With digital signing, you digitally sign
> it and then can email it, right from LibreOffice.
>
Now, this is interesting.  So, the digital signing you describe would
generate a digital version of my signature?  I have experience with
digitally signing a document, using a third party service, like
DocuSign.  In those cases, a "signature" font is used to represent my
actual signature.  I initially though the digital signing LibreOffice
supported added a digital signature to the document, itself, providing
some verification that I am who I claim to be.  Does it also add the
signature, in the manner you describe?

Thanks!

Peace...

"The Other" Tom


--
/When I leave, I don't know what I'm hoping to find,
And when I leave, I don't know what I'm leaving behind.../

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
James Knott-2 James Knott-2
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

In reply to this post by Tom Williams
On 01/31/2019 11:50 AM, Tom Williams wrote:
> The reason I asked is, I've never considered the need to digitally
> sign a document I created or modified in LibreOffice.

At least one bank I'm aware of allows digital signing of documents.  So,
you might download a form to open an account, take out a loan, etc. fill
it out and digitally sign it.

Also, think about the current practice of many lawyers and other
professionals, who still fax documents.  It would be far more secure
than any fax could be.  In fact, given how easy it is to edit scanned
images, spoof phone numbers, etc., there's no way fax can be considered
secure these days.  Yet, people still use them.


--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
James Knott-2 James Knott-2
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

In reply to this post by Tom Williams
On 01/31/2019 11:54 AM, Tom Williams wrote:
> Now, this is interesting.  So, the digital signing you describe would
> generate a digital version of my signature?  I have experience with
> digitally signing a document, using a third party service, like
> DocuSign.  In those cases, a "signature" font is used to represent my
> actual signature.  I initially though the digital signing LibreOffice
> supported added a digital signature to the document, itself, providing
> some verification that I am who I claim to be.  Does it also add the
> signature, in the manner you describe?

No, it doesn't generate a digital version of your signature.  It uses a
process, related to encryption, to generate a signature of the entire
document, that verifies it could have only come from you.  This is
commonly done with X.509 digital certificates, which are traceable back
to some top level certificate authority.  As an example of a bank
perhaps, they'd issue you your own public/private keys, which could be
traced back to the bank and to the top level authority beyond.  Since
that signature couldn't possibly have come from anyone else, it is your
signature.

You may want to read up on how public/private key encryption works and
X.509 certificates.

https://en.wikipedia.org/wiki/X.509

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy
Joshua Kramer Joshua Kramer
Reply | Threaded
Open this post in threaded view
|

Re: Question about signed documents

QWhat's interesting about this is you can use a a smartcard to sign your
documents.  Libreoffice supports standard PIV smart cards (at least under
Linux).  If you have everything configured right, you can use an x509 that
is resident on the smart card to sign the document.  This can provide much
higher security, especially if the smart card is configured with a PIN.

Also keep in mind that the document is not "read only" with the signature.
It is completely possible to open a signed document, not realize it's
signed, accidentally insert a period somewhere, and resave it.  As soon as
you modify a signed document the signature is dropped.

On Thu, Jan 31, 2019, 12:08 PM James Knott <[hidden email] wrote:

> On 01/31/2019 11:54 AM, Tom Williams wrote:
> > Now, this is interesting.  So, the digital signing you describe would
> > generate a digital version of my signature?  I have experience with
> > digitally signing a document, using a third party service, like
> > DocuSign.  In those cases, a "signature" font is used to represent my
> > actual signature.  I initially though the digital signing LibreOffice
> > supported added a digital signature to the document, itself, providing
> > some verification that I am who I claim to be.  Does it also add the
> > signature, in the manner you describe?
>
> No, it doesn't generate a digital version of your signature.  It uses a
> process, related to encryption, to generate a signature of the entire
> document, that verifies it could have only come from you.  This is
> commonly done with X.509 digital certificates, which are traceable back
> to some top level certificate authority.  As an example of a bank
> perhaps, they'd issue you your own public/private keys, which could be
> traced back to the bank and to the top level authority beyond.  Since
> that signature couldn't possibly have come from anyone else, it is your
> signature.
>
> You may want to read up on how public/private key encryption works and
> X.509 certificates.
>
> https://en.wikipedia.org/wiki/X.509
>
> --
> To unsubscribe e-mail to: [hidden email]
> Problems?
> https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
> List archive: https://listarchives.libreoffice.org/global/users/
> Privacy Policy: https://www.documentfoundation.org/privacy
>

On Thu, Jan 31, 2019, 12:08 PM James Knott <[hidden email] wrote:

> On 01/31/2019 11:54 AM, Tom Williams wrote:
> > Now, this is interesting.  So, the digital signing you describe would
> > generate a digital version of my signature?  I have experience with
> > digitally signing a document, using a third party service, like
> > DocuSign.  In those cases, a "signature" font is used to represent my
> > actual signature.  I initially though the digital signing LibreOffice
> > supported added a digital signature to the document, itself, providing
> > some verification that I am who I claim to be.  Does it also add the
> > signature, in the manner you describe?
>
> No, it doesn't generate a digital version of your signature.  It uses a
> process, related to encryption, to generate a signature of the entire
> document, that verifies it could have only come from you.  This is
> commonly done with X.509 digital certificates, which are traceable back
> to some top level certificate authority.  As an example of a bank
> perhaps, they'd issue you your own public/private keys, which could be
> traced back to the bank and to the top level authority beyond.  Since
> that signature couldn't possibly have come from anyone else, it is your
> signature.
>
> You may want to read up on how public/private key encryption works and
> X.509 certificates.
>
> https://en.wikipedia.org/wiki/X.509
>
> --
> To unsubscribe e-mail to: [hidden email]
> Problems?
> https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
> List archive: https://listarchives.libreoffice.org/global/users/
> Privacy Policy: https://www.documentfoundation.org/privacy
>

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy