12e5082537
The trouble with signing via ca/cert/key PEM files is that usually the CA is not trusted by the received of the signature. 3rd-party services are available to do generate trusted signatures, but then you need to share your document with them, which can be also problematic. A middle-ground here is to sign the hash of the document by a 3rd-party, something that's supported by e.g. <https://docs.eideasy.com/electronic-signatures/api-flow-with-file-hashes-pdf.html> (which itself aggregates a number of providers). As a first step, add LOK API to get what would be the signature time during signing -- but instead of actually signing, just return this information. Once the same is done with the doc hash, this is supposed to provide the same info than what the reference <https://github.com/eideasy/eideasy-external-pades-digital-signatures> app does. This is only a start: incrementally replace XCertificate with SignatureContext, which allows aborting the signing right before calling into NSS, and also later it'll allow injecting the PKCS#7 object we get from the 3rd-party. Change-Id: I108564f047fdb4fb796240c7d18a584cd9044313 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176279 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com> |
||
|---|---|---|
| .. | ||
| app | ||
| deployment | ||
| inc | ||
| lib | ||
| migration | ||
| minidump | ||
| offacc | ||
| pkgchk/unopkg | ||
| splash | ||