Electronic signature support #10630
Comments
#10637 adds UI to select which eideasy provider to use, though anything redirect-based (e.g. D-Trust sign-me) is supposed to be not working, I'm working on a test env there to reproduce this. Sample test.pdf.user-private-info.json, to be used with the smart-id-signature test provider:

{
"ESignatureBaseUrl": "https://test.eideasy.com",
"ESignatureSecret": "56RkLgZREDi1H0HZAvzOSAVlxu1Flx41",
"ESignatureClientId": "2IaeiZXbcKzlP1KvjZH9ghty2IJKM8Lg",
"SignatureCa": "-----BEGIN CERTIFICATE-----\nMIIG+DCCBeCgAwIBAgIQUkCP5k8r59RXxWzfbx+GsjANBgkqhkiG9w0BAQwFADB9\nMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1\nczEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290\nIENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNDE1WhgP\nMjAzMDEyMTcyMzU5NTlaMGgxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0\naWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEcMBoG\nA1UEAwwTVEVTVCBvZiBFSUQtU0sgMjAxNjCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBAOrKOByrJqS1QsKD4tXhqkZafPMd5sfxem6iVbMAAHKpvOs4Ia2o\nXdSvJ2FjrMl5szeT4lpHyzfECzO3nx7pvRLKHufi6lMwMGjtSI6DK8BiH9z7Lm+k\nNLunNFdIir0hPijjbIkjg9iwfaeST9Fi5502LsK7duhKuCnH7O0uMrS/MynJ4StA\nNGY13X2FvPW4qkrtbwsmhdN0Btro72O6/3O+0vbnq/yCWtcQrBGv3+8XEBdCqH5S\n/Rt0EugKX4UlVy5l0QUc8IrjGtdMsr9KDtvmVwlefXYKoLqkC7guMGOUNf6Y4AYG\nsPqfY4dG3N5YNp5FHDL7IO93h7TpRV3gyR38LiJsPHk5nES5mdPkNuEkCyg0zEKI\n7uJ4LUuBbjzZPp2gP7PN8Iqi9GP7V2NCz8vUVN3WpHvctsf0DMvZdV5pxqLY5ojy\nfhMsU4aMcGSQA9EK8ES3O1zBK1DW+btjbQjUFW1SIwCkB2yofFxge+vvzZGbvt2U\nGOE8oAL8/JzNxi9FbjTAbycrGWgEMQ0sM1fKc+OsvoaSy9m3ZQGph0+dbsouQpl3\nkpJvjDMzxxkrMqxdhlVMreLKGCMMxJMAGQEwVS5P93Nnmz8UbkmeomUJr3NrBo4+\nV9L5S4Kx1vTvD0p72xRYFyfifLOjs8qs7lR3yhkcBPQI78ERqxv31FWDAgMBAAGj\nggKFMIICgTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4E\nFgQUrrDq4Tb4JqulzAtmVf46HQK/ErQwDgYDVR0PAQH/BAQDAgEGMIHEBgNVHSAE\ngbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5l\nZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEAMDEwLwYIKwYBBQUHAgEWI2h0\ndHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDsGBgQAj3oBAjAxMC8G\nCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzAS\nBgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcD\nAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8v\nb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0\ncy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwQQYDVR0e\nBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAMCUGCCsGAQUFBwEDBBkwFzAVB
ggrBgEFBQcLAjAJBgcEAIvs\nSQEBMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRv\ncnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQAiw1VN\nxp1Ho7FwcPlFqlLl6zb225IvpNelFX2QMbq1SPe41LuBW7WRZIV4b6bRQug55k8l\nAm8eX3zEXL9I+4Bzai/IBlMSTYNpqAQGNVImQVwMa64uN8DWo8LNWSYNYYxQzO7s\nTnqsqxLPWeKZRMkREI0RaVNoIPsciJvid9iBKTcGnMVkbrgyLzlXblLMU4I0pL2R\nWlfs2tr+XtCtWAvJPFskM2QZ2NnLjW8WroZr8TooocRA1vl/ruIAPC3FxW7zebKc\nA2B66j4tW7uyF2kPx4WWA3xgR5QZnn4ePEAYjJdu1eWd9KbeAbxPCfFOST43t0fm\n20HfV2Wp2PMEq4b2\n-----END CERTIFICATE-----\n"
}

The personal identity code is the public 30303039914 test number. It should result in a signature by "TESTNUMBER,OK" (a fake first+last name).
#10647 improves error handling when the client-id is bad; found while starting on the redirect method.
#10654 adds a new /cool/signature endpoint, to be used with the redirect method.
#10661 finishes support for redirect-based providers.
#10672 starts moving eideasy calls that require a secret to the servers.
#10688 finishes moving eideasy calls that require a secret to the server.
Electronic signing needs to store settings as richdocuments settings. This involves the API URL, a client ID visible to the browser and a secret, which is only used during server-side requests. The WOPI CheckFileInfo reply sends this information to the COOL server, similar to how it's done for digital signing (via PEM files). Add the settings as admin settings, otherwise normal users would be able to use eIDEasy services outside richdocuments. <CollaboraOnline/online#10630 (comment)> has instructions on what test data to use to try out the service in a test environment. Additionally, if the test CA is configured to be trusted as a user setting, then the green stamp icon will show up in the status bar. Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
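An added sketch of the split this commit message describes (not code from Collabora Online or richdocuments): the API URL and client ID pass to the browser through an allowlist, the secret stays with the server, and a check flags any browser-bound message that carries it. The key names are those of the sample JSON in this issue; the function names, the message shape and the sample values are assumptions.

```javascript
'use strict';
// Added example, not Collabora Online code. Key names come from the sample
// JSON in this issue; function names and sample values are assumptions.
const BROWSER_VISIBLE = ['ESignatureBaseUrl', 'ESignatureClientId'];
const SERVER_ONLY = ['ESignatureSecret'];

// Constructed settings, shaped like the sample user-private-info.json.
const SAMPLE = {
  ESignatureBaseUrl: 'https://test.eideasy.com',
  ESignatureClientId: 'constructed-client-id',
  ESignatureSecret: 'constructed-secret-value',
};

// Split what the WOPI host sent into the part the browser may see and the
// part that stays on the server. Allowlist: an unlisted key is never forwarded.
function splitEsignSettings(info) {
  for (const key of [...BROWSER_VISIBLE, ...SERVER_ONLY]) {
    if (typeof info[key] !== 'string' || info[key] === '') {
      throw new Error(`missing esign setting: ${key}`);
    }
  }
  // The secret travels to this URL in server-side requests: require TLS.
  if (new URL(info.ESignatureBaseUrl).protocol !== 'https:') {
    throw new Error('ESignatureBaseUrl must use https');
  }
  const pick = (keys) => Object.fromEntries(keys.map((k) => [k, info[k]]));
  return { forBrowser: pick(BROWSER_VISIBLE), serverOnly: pick(SERVER_ONLY) };
}

// Regression check for anything about to be sent to the browser: true if a
// server-only value appears anywhere in it, under any key or nesting level.
function leaksSecret(outgoing, serverOnly) {
  const wire = JSON.stringify(outgoing);
  return Object.values(serverOnly).some((value) => {
    const escaped = JSON.stringify(value).slice(1, -1); // as it looks on the wire
    return wire.includes(escaped);
  });
}

const { forBrowser, serverOnly } = splitEsignSettings(SAMPLE);
console.log(leaksSecret({ type: 'esign-config', settings: forBrowser }, serverOnly));
console.log(leaksSecret({ type: 'esign-config', settings: SAMPLE }, serverOnly));
```
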
nextcloud/richdocuments#4328 adds Nextcloud UI for the new eideasy settings.
#10706 fixes the l10n of the popup window, which was English-only previously.
#10719 starts adding a country selector to the esign dialog.
#10734 changes the WOPI key names for esign settings, based on feedback from Nextcloud.
#10743 adds filtering for the providers, so the ones relevant for a country will be shown, the others will be hidden.
#10755 sorts the esign dialog dropdowns, which is now possible after tracking the input IDs/codes for these widgets.
https://gerrit.libreoffice.org/c/core/+/178784 starts on visual signing: first just make sure a single signature gets inserted on the Draw / PDF .uno:InsertSignatureLine case. COOL side patch to trigger the UNO command:
Is your feature request related to a problem?
This is a follow-up to #9992. That one focused on digital signing with PEM files (similar to LibreOffice signing on the desktop); this focuses on electronic signing using eIDEasy.
Describe the solution you'd like
Something that doesn't send the entire PDF file to an external server (only the hash of the document) and produces a qualified electronic signature, so it can be considered as a digital equivalent to handwritten signatures.
Describe alternatives you've considered
Just expose digital signing from LibreOffice desktop, and declare that obtaining trusted certificates is somebody else's problem.
Additional context
The above GH issue already has a single working scenario for electronic signing; this one tracks the various still to be fixed details after something works end-to-end.