office-comment message


Subject: OFFICE-3869: Relationship of Encryption and Digital Signatures

Late in development of ODF 1.2 Part 3: Packages, there was an attempt to distinguish between pre-encryption signing (a desirable case) and post-encryption signing (the currently-supported case).  The last two paragraphs of 1.2-3 section 5.2 are the result.  

I believe these are better wordings:

"If a digital signature file is not encrypted, any encrypted files covered by the digital signature are signed in their encrypted form as identified in META-INF/manifest.xml.

"If a digital signature file is encrypted using the encryption means specified for ODF 1.2 Packages, then the digital signature applies to the decrypted forms of all encrypted files in the package exactly as if they had not been encrypted.  (Note that in this case, the manifest, which is never encrypted, is different when there are encrypted files than when there are not.  In particular, the manifest must include the parameters that must be known to decrypt the encrypted digital signature files.)" 

The rewording seems to be compatible with the OASIS limitations on maintenance versus modification of the specification.  I'm reasonably confident that this is consistent with what Michael Brauer had in mind. The note simply points out a consequence of the current specification.

 -- Dennis E. Hamilton
    dennis.hamilton@acm.org    +1-206-779-9430
    https://keybase.io/orcmid  PGP F96E 89FF D456 628A
    X.509 certs used and requested for signed e-mail


It is useful to note that, in practice, if encryption is done, it is done before the digital signature. Encryption is done when the document is saved.  Signing is done on the saved document and all it adds is a META-INF/digitalsignatures.xml file to the package (which, consequently, is not itself in manifest.xml).  This is the form of signing that applies for production and verification of digital signatures on ODF 1.2 documents by Apache OpenOffice, LibreOffice, and Microsoft Office.

One provision of existing implementations of the ODF 1.2 Digital Signature is that the signature includes everything in META-INF/manifest.xml and META-INF/manifest.xml itself.  Since META-INF/digitalsignatures.xml is *not* included in the manifest.xml, this all works and it allows signatures to be added and removed, including in an existing signature file, without disturbing the rest of the package at all.  

Consider the following constraints: If encryption occurs *after* signing and META-INF/digitalsignatures.xml is encrypted using the means specified for ODF 1.2 Packages, META-INF/digitalsignatures.xml encryption must be specified in a manifest.xml <manifest:file-entry> element.  So either the manifest.xml is not signed or it is created and signed before META-INF/digitalsignatures.xml is created and then encrypted.  

If, in fact, we have a previously-signed document that is then to be encrypted, that case is impossible for current implementations because the existing signatures include the manifest.xml for that unencrypted package and there may be multiple signatures applicable to the unencrypted form of the package.  

The problem is that the manifest.xml is different when there are encrypted files than when there are not.  And I don't think one wants to abandon including manifest.xml in the digital signature.  There are ways around this problem, but not without adding additional provisions for encryption of already-created and signed packages.

There are ways around this, but they go beyond maintenance.

 -- end --
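The following Python is an added illustration, not part of the message above and not code from any ODF implementation. It models the package relationship the message describes: a signature covers every part listed in manifest.xml plus manifest.xml itself, the signature file is not listed in the manifest, and encrypting a part after signing changes both that part and the manifest (which gains a manifest:encryption-data entry), so the existing signature no longer verifies. Assumptions: the signature document is a constructed stand-in (one ds:Reference with a SHA-256 digest per covered part and no SignatureValue, rather than full XML-DSig), a fixed byte transform stands in for ODF encryption, the encryption-data attributes hold placeholder values, the package is modelled as a dict of part name to bytes rather than a ZIP, and the signature file name is the one the message uses.

```python
"""Toy model of the ODF 1.2 signing/encryption ordering discussed above.

Constructed example: minimal manifest.xml, simplified signature document
(a SHA-256 digest per covered part, no SignatureValue) and a stand-in
byte transform in place of ODF encryption. Not an ODF implementation.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("manifest", MANIFEST_NS)
ET.register_namespace("ds", DSIG_NS)

MANIFEST_PATH = "META-INF/manifest.xml"
SIGNATURE_PATH = "META-INF/digitalsignatures.xml"  # name as used in the message

# Constructed document parts; real ODF content is far larger.
CONTENT = {
    "content.xml": b"<office:document-content/>",
    "styles.xml": b"<office:document-styles/>",
}


def mtag(name):
    return f"{{{MANIFEST_NS}}}{name}"


def dtag(name):
    return f"{{{DSIG_NS}}}{name}"


def build_manifest(paths, encrypted=()):
    """One manifest:file-entry per part. Encrypted parts also carry a
    manifest:encryption-data child, which is why the manifest differs between
    the encrypted and unencrypted forms of the same package."""
    root = ET.Element(mtag("manifest"))
    for path in paths:
        entry = ET.SubElement(root, mtag("file-entry"),
                              {mtag("full-path"): path, mtag("media-type"): "text/xml"})
        if path in encrypted:
            # Placeholder attribute values; real entries carry the decryption parameters.
            ET.SubElement(entry, mtag("encryption-data"),
                          {mtag("checksum-type"): "SHA1/1K", mtag("checksum"): "PLACEHOLDER"})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def manifest_entries(manifest_bytes):
    """Map full-path -> True if the entry declares encryption-data."""
    root = ET.fromstring(manifest_bytes)
    return {fe.get(mtag("full-path")): fe.find(mtag("encryption-data")) is not None
            for fe in root.findall(mtag("file-entry"))}


def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def sign(files):
    """Cover every part listed in manifest.xml plus manifest.xml itself."""
    covered = [p for p in manifest_entries(files[MANIFEST_PATH]) if p in files]
    covered.append(MANIFEST_PATH)
    root = ET.Element(dtag("Signature"))
    info = ET.SubElement(root, dtag("SignedInfo"))
    for path in covered:
        ref = ET.SubElement(info, dtag("Reference"), {"URI": path})
        ET.SubElement(ref, dtag("DigestValue")).text = digest(files[path])
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def verify(files):
    """Return referenced paths whose current digest no longer matches the
    signature; an empty list means every covered part is intact."""
    root = ET.fromstring(files[SIGNATURE_PATH])
    mismatched = []
    for ref in root.iter(dtag("Reference")):
        path = ref.get("URI")
        stored = ref.find(dtag("DigestValue")).text
        if path not in files or digest(files[path]) != stored:
            mismatched.append(path)
    return mismatched


def signature_in_manifest(files):
    return SIGNATURE_PATH in manifest_entries(files[MANIFEST_PATH])


def toy_encrypt(data):
    # Stand-in for ODF encryption: any transform that changes the bytes will do.
    return bytes(b ^ 0x5A for b in data)


def encrypt_then_sign():
    """The supported order: encrypt on save, then sign the saved package.
    The signature covers the encrypted parts and the manifest that describes them."""
    files = {p: toy_encrypt(d) for p, d in CONTENT.items()}
    files[MANIFEST_PATH] = build_manifest(CONTENT, encrypted=set(CONTENT))
    files[SIGNATURE_PATH] = sign(files)
    return files


def sign_then_encrypt():
    """Encrypting an already-signed package: content.xml changes and manifest.xml
    gains encryption-data, so both of their references break."""
    files = dict(CONTENT)
    files[MANIFEST_PATH] = build_manifest(CONTENT)
    files[SIGNATURE_PATH] = sign(files)
    files["content.xml"] = toy_encrypt(files["content.xml"])
    files[MANIFEST_PATH] = build_manifest(CONTENT, encrypted={"content.xml"})
    return files
```

Running `verify(encrypt_then_sign())` yields an empty list and `signature_in_manifest(...)` is False, matching the working case the message describes; `verify(sign_then_encrypt())` reports both `content.xml` and `META-INF/manifest.xml`, which is the constraint the message points out: once manifest.xml is inside the signature, a package cannot be encrypted after signing without invalidating that signature.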
