 Yeah, thank you for your help Yeah, hi, I'm Samuel working for CIB, and I'm going to talk about improvements we made to document signing and encryption in the last year Yeah, I have two topics the first is signature lines What is that? Why is this is it useful and what did we change from there and the second is open PGP support? Yeah, part of the second topic was already held at the LibreOffice conference was there might sound Yeah, you might have already heard parts of that but yeah Okay, let's start with signature lines Signature lines are a visual representation of the document signature. I'll show that in a document later So like you have in a handwritten document you put your signature in a predefined field You can also have this for digital documents and connect it with a real signature so that You see whether the signature is valid or whether the document was changed after that Yeah, that's the idea combine it this handwritten signature, you know from Paper documents with the digator signatures we have in LibreOffice Microsoft Word and Excel also have this feature. So it was also An attempt to improve interoperability Yeah, so what's working there since LibreOffice 6.0 the OOXML input is working This is the only thing I can show now because I don't have the master build on this laptop, sorry And in the current master build there is also full OOXML roundtrip working so you can save them again ODF export import Yeah, ODF export is working import is to be done and you can generate new signature lines there's a dialog for that and edit existing ones of course and You it should be Able that you then can also sign these signature lines. This is also to be done and hopefully done until 6.1 Yeah, let's have a quick look So how do we access my media or we can also go through the folder there maybe Yeah, and open the other one this one what you have a master build here. Yes, but Maybe I can just start mine How do I make this backslash forward slash This one Okay, so we have a new menu entry in the writer it's insert Signature line then you get this dialog you can enter suggested signer. It's me then no title Yeah, whatever Then you can specify whether the one who signs this can add comments and whether the sign date should be shown and Then you can add comments, please sign here and What you get is just a shape which looks like this traditional signature line and this is Yeah, and then you send the document to someone and ask him Please sign it and he doesn't have to print it and scan it again with his handwritten signature, but you then can This is not implemented yet, but he should be able to Right-click sign and then he gets the digital Certificates and keys he has and he can choose his personal key or certificate he wants to use for signing and then sign it's like you have here with the Diggater signatures Yeah, you go to this dialog sign the document select your certificate if you have one Yeah, there even are a few Yeah, and then this shape will change and it will display the name You entered you might also specify an image like if you want your handwritten signature there and then when loading the document The signature will be evaluated when the signature is valid the document wasn't changed It will load the signature and if not it will load Like it will strike through the signature and you will see On the first side that this document was changed and the signature is no longer valid Yes, that's the first part Questions to this topic so far signature lines Yes, I Even had prepared two documents, but I can't load them at the moment. So if you just change one character or whatever Yeah, this already worked before with the digital signatures we have Yeah Yeah Hopefully six dot one It's a what I say It's a customer that spawns out this. I don't know if I can name him but Yeah, so this will most probably make it into six at one Okay, second topic open PGP support Yeah Earlier on you could use X 509 certificates in LibreOffice to sign the document We added with support from the German PSI I Support for open PGP so you can use your exist existing keys you have and you use for email maybe or Whatever and there's also UB key this USB Thing you can insert with which has keys Yeah, you don't need to go through some certificate authority and get a certificate you can just Generate your key and sign with that Yeah, so this is the current status signing worked on 5.4 on Linux only this was the first thing we did and since since LibreOffice 6.0 released a few days ago This is on all three major platforms Linux Windows and Mac OS and it's also ODF conformant So we didn't break your standard It's not your standard, of course, but you're careful Yeah for the encryption stuff we had to extend that's also in my notes Yeah Yeah, right then encrypting with open PGP keys was the second feature Yeah, so you cannot only sign you can encrypt so that nobody can see the document unless You encrypted it for him Or her Yeah, this needed as Torsten said an extension to ODF, but will be Proposed or is already proposed to the TC. I don't know Yeah, currently LibreOffice is the only ODF consumer implementing this Yeah, but we hope that more will follow it's one to take with ODF toolkit and their patch open office developers here Yeah, okay, so how does it work LibreOffice does mainly Not very much with the actual signing We use existing toolkits like the GPG agent and the GPG program that is already there So we also can't make big can't make big mistakes with the actual signing process Yeah, it's There is some inter-process communication between the two LibreOffice and the The GPG agent we use the GPG me library. That's C library for accessing Yeah for using this as Signature and encryption stuff We actually use GPG me CPP or PP and that's a small C++ wrapper around this Yeah So our work was on the LibreOffice site integrating the existing programs Yeah, so we have no extra key store like when you open this Signature dialogue it will list Your existing open PGP keys you have used for mail or whatever before And you also see it lists both x5 or 9 certificates the first two and the rest this is screenshot from Torsten Open PGP keys you select your one Also, we have no Certificate manager integrated. We don't go one to go that route. There are many good applications for that But we help users to find them We have a start certificate manager button in this dialogue and when you click it you it will open seahorse on GNOME or on KDE there is I don't know Cleopatra and on Windows it will open GPG for a win. Is that that right? So it's cooperation. Which program do you do to launch? I think at the current state It's just checks a hard-coded list and takes the first one it finds maybe we added a configuration I'm not sure Yeah on Windows you would yeah on Windows you would need to install this Separately we don't bundle it and on Linux. Of course, it's provided by your package manager Yeah, then we also made some UI improvements Before the signature the status of the current signature was only displayed very small in the status line and there was also a dialogue popping up when the The signature was invalid and we improved that and used this colored info bars Yeah, the one below is even from a newer version. It has an icon also think haiko is responsible for that. Thanks Yeah, so you see at the first site with the color and the text if your signature is valid if it is valid but The certificate could not be validated That might be the case if you have a key which is not trusted in the GPG Wording and it is dark red if the signature is broken that means the document has been changed Okay. Yeah, let's have a small look at this or yeah before. Oh, I have five more minutes Okay Yeah, I just take a blank document Insert some blind text. How does it work? No, it doesn't work. Anyway Line text then I want to sign this document Can I just use your existing keys open PGP? I saw there some There are a few I don't know from where they come Okay, they're empty Yeah, so I just choose one key You can also configure it to use a default key. There is a config option for that then I click sign Yeah, okay, I don't have this passphrase Okay, yeah, and then you can imagine this nice info bar is popping up. Okay That's about the signing no big deal same procedure Okay, and then the encryption that's integrated in the safe dialogue in all platforms in the native dialogues even Okay, I need to save as to get the dialogue again and there is encrypt with GPG key and option for that I never choose that Okay So now I get another list with all foreign keys that You have Yeah, because I can encrypt of course for other people where only have the public key So I want to encrypt this for corn news Yeah Okay, and in theory this works in practice. This is not my laptop and it's not configured here Yeah, but you see the general procedure Okay, let me repeat this for the Camera so the problem here was that the key is not trusted and we need to go to the certificate manager and Sign this key with our own key. So it won't fail anymore. Maybe we can improve the message a little bit Thanks, okay Yeah, I can show one more thing the settings dialogue Yeah, so there are three new options here you can specify a default signing key and a default encryption key and This checkbox when encrypting documents always encrypt yourself Makes absolute sense because if you only encrypt for someone else, you can't open the document yourself anymore So if you disable that you should be knowing what you are doing Yeah, okay. Thank should we do that? You can connect okay, I think there are how does this this work exactly toss Oh Okay, so here you can see this actually working this is a signed document okay, so here you can see the user interface life with the info bar and This was there before this small icon says the document signatures. Okay, and it also has this signed Brackets in the title bar. Yeah, but that's very easy to miss Okay Any more questions, okay I can't say anything about the legal situation I don't think they use it yet They just wanted to encourage use of encrypted and signed documents in Germany and worldwide Okay, thank you, let's close