Details

    • Type: Bug
    • Status: Applied
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2
    • Fix Version/s: ODF 1.2
    • Component/s: Packaging, Security
    • Labels:
      None
    • Proposal:
      Show
      See: http://lists.oasis-open.org/archives/office/200908/msg00171.html
    • Resolution:
      Hide

      Replaced current text with:

      An OpenDocument document that is stored in a package may have one or more digital signatures applied to the package. A document signature is a digital signature that is applied to all files in the zip archive of the package. This implies the document files, as well as the files which are part of the package format, such as mimetype, manifest.xml, additional signature files ,etc. Only the file containing the document signature may be excluded from the signature.
      Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. A document signature shall be considered to be valid only if the "XML Digital Signature" contained in documentsignatures.xml is valid and the file is valid as defined by its digital signature technique. A macro signature is a digital signature that is applied to macro code and other executable code that may be contained in a package. Macro signatures are stored in a file called META-INF/macrosignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. Since macro code and executable code is application specific, this specification does not define to the files to which a macro signature applies.
      A document may have document and macro signatures applied simultaneously, and may have further applications specific signatures applied to its package.

      Show
      Replaced current text with: An OpenDocument document that is stored in a package may have one or more digital signatures applied to the package. A document signature is a digital signature that is applied to all files in the zip archive of the package. This implies the document files, as well as the files which are part of the package format, such as mimetype, manifest.xml, additional signature files ,etc. Only the file containing the document signature may be excluded from the signature. Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. A document signature shall be considered to be valid only if the "XML Digital Signature" contained in documentsignatures.xml is valid and the file is valid as defined by its digital signature technique. A macro signature is a digital signature that is applied to macro code and other executable code that may be contained in a package. Macro signatures are stored in a file called META-INF/macrosignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. Since macro code and executable code is application specific, this specification does not define to the files to which a macro signature applies. A document may have document and macro signatures applied simultaneously, and may have further applications specific signatures applied to its package.

      Description

      ODF 1.2 part 1 CD03 does not clearly state which files of a package have to be included into a document signature.

      A proposal how to resolve this is attached to

      http://lists.oasis-open.org/archives/office/200908/msg00171.html

        Attachments

          Activity

            People

            • Assignee:
              Patrick Patrick Durusau
              Reporter:
              michael.brauer Michael Brauer (Inactive)
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: