this post was submitted on 28 Aug 2023
41 points (93.6% liked)

Open Source

31351 readers
167 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Howdy, not sure if this is the right place to ask but I figured this community has the best chance of using libreoffice. I recently started to learn about gpg and decided to try to digitally sign an odf file I created via libreoffice writter. Thought I could do the same with a pdf file but turns out you need a third party ca certification, so now I'm wondering, assuming only open formats can be signed, why even sign an odf file in the first place? Is it just for niche situations or do official/mainstream entities now support that format? Would it be considered legally binding? I heard that microsoft office gained support for the odf format back in 2021 so if the digital signature could still be verified on their end then I don't see a problem. Is that the case? My bad for all the questions I'm just trying to see the usecase for this seems to me that for anything professional signing with a third party ca cert. would be the better option.

you are viewing a single comment's thread
view the rest of the comments
[–] heavy@sh.itjust.works 6 points 1 year ago

I'd say the purpose of the feature is to do as intended, ensure the documents authenticity and integrity. The mechanism still requires people trust your signature (public key), so you need another strategy to establish that trust. If you wanted to share a confidential document to a person you know on discord, and they already trust your discord profile, you would need to use said profile to get people to trust the key you're going to use, belongs to and identifies you. This really isn't different from third party Cas, just a lot of certificates from them are already trusted by default and part of the internet wide key infrastructure.