To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=60875

Issue #:|60875
Summary:|Certificate key usage is not handled by the OpenOffice programs when signing a document digitally
Component:|framework
Version:|OOo 2.0.1
Platform:|All
URL:|
OS/Version:|All
Status:|UNCONFIRMED
Status whiteboard:|
Keywords:|
Resolution:|
Issue type:|DEFECT
Priority:|P3
Subcomponent:|code
Assigned to:|tm
Reported by:|vargaviktor
------- Additional comments from [EMAIL PROTECTED] Fri Jan 20 04:28:19 -0800 2006 -------
The certificate key usage is not handled in the Digital Sign feature, so it is possible to sign a document with an encryption certificate.

Reproduction:
1. Sign a document with an encryption certificate (Key Encipherment set).
2. It will be successful, so it is wrong.

Solution:
According to the relevant RFCs and ETSIs, the Non-Repudiation bit and/or Digital Sign bit should be set for the signing certificate. Key Encipherment should not be allowed, or at minimum should be together with a Digital Sign.

For qualified certs (EU): only Non-Repudiation
more info: RFC 3039

For other certificates: Non-Repudiation and/or Digital Sign
(more info: ETSI TS 102 280 chapter 5.4.3 Key usage, table, Line A, B, C (the RFC overrides the description of qualified, so only the A is usable in qualified))
Line D - not recommended, read later
Line E - for encryption

D line - not recommended, because:
1) most EU country laws do not allow using a combined certificate for digital signing.
2) ETSI security notes describe that for security reasons it is not recommended.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
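
The key usage rule proposed in the report above, as an added example that is not part of the original issue or of the OpenOffice.org code: it decodes the DER BIT STRING of an X.509 KeyUsage extension and applies the report's rule before a certificate is offered for signing. The function names, the `qualified` flag supplied by the caller, the "not-recommended" verdict for a signing bit combined with Key Encipherment, and the sample DER values are assumptions made for illustration; the extension is assumed to be present.

```python
# Added example (hypothetical helper names): key usage policy for document signing.
# Bit positions follow the X.509 KeyUsage BIT STRING (RFC 5280, section 4.2.1.3).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]


def parse_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding KeyUsage into a set of bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 2 or length != len(der) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # Bit 0 is the most significant bit of the first payload byte.
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8)):
            usages.add(name)
    return usages


def signing_verdict(usages: set, qualified: bool = False) -> str:
    """Return 'accept', 'not-recommended' or 'reject' for document signing."""
    if qualified:
        # Report: qualified (EU) certificates carry only Non-Repudiation.
        return "accept" if usages == {"nonRepudiation"} else "reject"
    if not usages & {"digitalSignature", "nonRepudiation"}:
        # Covers the reported case: an encryption-only certificate.
        return "reject"
    if "keyEncipherment" in usages:
        # Signing bit combined with encryption: the combined certificate
        # the report calls not recommended (interpretation, see lead-in).
        return "not-recommended"
    return "accept"


if __name__ == "__main__":
    # Constructed sample KeyUsage values (not taken from real certificates).
    for label, hexval in [("keyEncipherment only", "03020520"),
                          ("digitalSignature+nonRepudiation", "030206c0"),
                          ("digitalSignature+keyEncipherment", "030205a0")]:
        print(label, "->", signing_verdict(parse_key_usage(bytes.fromhex(hexval))))
```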