Digitally sign documents via software certificates. #4123

Closed
vmiklos opened this issue Oct 14, 2024 · 1 comment · Fixed by #4129
Labels: 2. developing (Work in progress); enhancement (New feature or request)


vmiklos commented Oct 14, 2024

Is your feature request related to a problem? Please describe.

Collabora Online is adding digital signature support, see CollaboraOnline/online#9992 for the details. This is something that richdocuments could use.

Describe the solution you'd like

The solution is meant to provide signing support for ODF (e.g. ODT), OOXML (e.g. DOCX) and PDF files.

We discussed this with @juliushaertl about a month ago, but back then the Collabora Online side was far from ready. The suggested plan is:

  • Step 1: Exposing signing via software certificates
    • Key store in richdocuments
    • Signing can happen in Collabora Online
    • One key per user (in PEM format, this means a key, a certificate and optionally a CA chain)
    • this issue.
  • Step 2: build electronic signature support on top of this, via some external provider
    • this is interesting, but let's get back to this once step 1 is done.

Describe alternatives you've considered

It's always possible to export as PDF and sign that PDF outside Collabora Online, if you don't mind the export / download, sign, upload steps, which is a bit complicated.

Additional context

I intend to work on this, just creating the issue to track the richdocuments progress at a single place.

vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 14, 2024
Document signing needs to store keys as richdocuments settings. This
involves the signing key, certificate and the matching CA chain.

As a first step, add code to the personal settings to be able to set a
CA chain that issues the signing key / certificate.

Setting and getting the setting is possible after this; the setting is
not yet exposed in the WOPI CheckFileInfo response.

<CollaboraOnline/online#9992 (comment)>
has instructions on how to generate self-signed certificates for
document signing for development purposes. Related to nextcloud#4123

vmiklos commented Oct 14, 2024

I started on this here: https://github.com/vmiklos/nextcloud-richdocuments/commits/sign

I'll create a PR once this works for me locally.

@joshtrichards joshtrichards added the enhancement New feature or request label Oct 14, 2024
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 15, 2024
…FileInfo

This setting was already possible to read and write from the personal
settings UI, but was not available towards Collabora Online.

Other private user settings like the Zotero API key are exposed in the
WOPI CheckFileInfo reply.

Do the same here: if the feature is enabled in general and this is not a
public share, then include the signature CA setting in the CheckFileInfo
response.

The same still needs doing for the signature cert/key. Related to nextcloud#4123
@juliusknorr juliusknorr added the 2. developing Work in progress label Oct 15, 2024
@jancborchardt jancborchardt moved this to 🏗️ At engineering in 🖍 Design team Oct 15, 2024
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 16, 2024
…, too (fixes nextcloud#4123)

The CA chain for the document signing was already a user setting & it
was exposed in the WOPI CheckFileInfo, but the actual signing
certificate & key was missing, so signing was not possible.

These are typically in a similar PEM format using just ASCII characters,
so providing a textarea where the user can paste them sounds like a good
fit.

Add the read/write of this setting and also expose it as part of the
private user info in WOPI CheckFileInfo.

With this, once all 3 are configured, it's possible to sign a document
in Nextcloud Office, using the Signature button on the Home tab of the
notebookbar.
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 16, 2024
Document signing needs to store keys as richdocuments settings. This
involves the signing key, certificate and the matching CA chain.

As a first step, add code to the personal settings to be able to set a
CA chain that issues the signing key / certificate.

Setting and getting the setting is possible after this; the setting is
not yet exposed in the WOPI CheckFileInfo response.

<CollaboraOnline/online#9992 (comment)>
has instructions on how to generate self-signed certificates for
document signing for development purposes. Related to nextcloud#4123

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 16, 2024
…FileInfo

This setting was already possible to read and write from the personal
settings UI, but was not available towards Collabora Online.

Other private user settings like the Zotero API key are exposed in the
WOPI CheckFileInfo reply.

Do the same here: if the feature is enabled in general and this is not a
public share, then include the signature CA setting in the CheckFileInfo
response.

The same still needs doing for the signature cert/key. Related to nextcloud#4123

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 16, 2024
…, too (fixes nextcloud#4123)

The CA chain for the document signing was already a user setting & it
was exposed in the WOPI CheckFileInfo, but the actual signing
certificate & key was missing, so signing was not possible.

These are typically in a similar PEM format using just ASCII characters,
so providing a textarea where the user can paste them sounds like a good
fit.

Add the read/write of this setting and also expose it as part of the
private user info in WOPI CheckFileInfo.

With this, once all 3 are configured, it's possible to sign a document
in Nextcloud Office, using the Signature button on the Home tab of the
notebookbar.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
@elzody elzody closed this as completed in adfb905 Oct 21, 2024
@github-project-automation github-project-automation bot moved this from 🏗️ At engineering to 🎉 Done in 🖍 Design team Oct 21, 2024
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 22, 2024
Document signing needs to store keys as richdocuments settings. This
involves the signing key, certificate and the matching CA chain.

As a first step, add code to the personal settings to be able to set a
CA chain that issues the signing key / certificate.

Setting and getting the setting is possible after this; the setting is
not yet exposed in the WOPI CheckFileInfo response.

<CollaboraOnline/online#9992 (comment)>
has instructions on how to generate self-signed certificates for
document signing for development purposes. Related to nextcloud#4123

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 20ca5fd)
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 22, 2024
…FileInfo

This setting was already possible to read and write from the personal
settings UI, but was not available towards Collabora Online.

Other private user settings like the Zotero API key are exposed in the
WOPI CheckFileInfo reply.

Do the same here: if the feature is enabled in general and this is not a
public share, then include the signature CA setting in the CheckFileInfo
response.

The same still needs doing for the signature cert/key. Related to nextcloud#4123

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 6ca8071)
vmiklos added a commit to vmiklos/nextcloud-richdocuments that referenced this issue Oct 22, 2024
…, too (fixes nextcloud#4123)

The CA chain for the document signing was already a user setting & it
was exposed in the WOPI CheckFileInfo, but the actual signing
certificate & key was missing, so signing was not possible.

These are typically in a similar PEM format using just ASCII characters,
so providing a textarea where the user can paste them sounds like a good
fit.

Add the read/write of this setting and also expose it as part of the
private user info in WOPI CheckFileInfo.

With this, once all 3 are configured, it's possible to sign a document
in Nextcloud Office, using the Signature button on the Home tab of the
notebookbar.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit adfb905)
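
The checks implied by the commit messages above, as an added example (not code from richdocuments or Collabora Online): validate the three pasted PEM settings, and hand the signing material to the CheckFileInfo builder only when the feature is enabled and the request is not a public share. The property names and the accepted key labels are assumptions, and the sample PEM blocks are constructed and hold no real key material.

```python
import base64
import re

# A PEM block: BEGIN line, base64 body, END line carrying the same label.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END \1-----")
# Assumption: only unencrypted private keys are accepted in the key field.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def pem_labels(text):
    """Return the labels of all PEM blocks in text; reject anything else."""
    if PEM_RE.sub("", text).strip():
        raise ValueError("unexpected text outside PEM blocks")
    labels = []
    for label, body in PEM_RE.findall(text):
        base64.b64decode("".join(body.split()), validate=True)  # bad padding raises
        labels.append(label)
    return labels

def validate_settings(cert, key, ca_chain=""):
    """One key per user: one certificate, one key, an optional CA chain."""
    if pem_labels(cert) != ["CERTIFICATE"]:
        raise ValueError("certificate field must hold exactly one CERTIFICATE")
    key_labels = pem_labels(key)
    if len(key_labels) != 1 or key_labels[0] not in KEY_LABELS:
        raise ValueError("key field must hold exactly one private key")
    if any(label != "CERTIFICATE" for label in pem_labels(ca_chain)):
        raise ValueError("CA chain may contain only CERTIFICATE blocks")
    return {"cert": cert, "key": key, "ca": ca_chain}

def private_user_info(settings, feature_enabled, is_public_share):
    """Signing material for CheckFileInfo; empty for public shares."""
    if not feature_enabled or is_public_share or settings is None:
        return {}
    # Hypothetical property names, not taken from the page.
    return {"ExampleSignatureCert": settings["cert"],
            "ExampleSignatureKey": settings["key"],
            "ExampleSignatureCa": settings["ca"]}

def sample_pem(label, payload):
    """Build a constructed PEM block around dummy bytes (not real key material)."""
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

SAMPLE = validate_settings(
    sample_pem("CERTIFICATE", b"leaf"), sample_pem("PRIVATE KEY", b"key"),
    sample_pem("CERTIFICATE", b"intermediate") + sample_pem("CERTIFICATE", b"root"))
```

The label check only confirms that each field holds the right kind of PEM block; confirming that the key matches the certificate, or that the chain issues it, needs an X.509 library.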