[framework-issues] [Issue 60875] New - Certificate key usag e is not handled by the OpenOffice programs wh en sign a document digitaly

Fri, 20 Jan 2006 04:28:21 -0800 

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=60875
                  Issue #:|60875
                  Summary:|Certificate key usage is not handled by the
                          |OpenOffice programs when sign a document digitaly
                Component:|framework
                  Version:|OOo 2.0.1
                 Platform:|All
                      URL:|
               OS/Version:|All
                   Status:|UNCONFIRMED
        Status whiteboard:|
                 Keywords:|
               Resolution:|
               Issue type:|DEFECT
                 Priority:|P3
             Subcomponent:|code
              Assigned to:|tm
              Reported by:|vargaviktor





------- Additional comments from [EMAIL PROTECTED] Fri Jan 20 04:28:19 -0800 
2006 -------
The cerficate key usage is not handled in the Digital Sign feature, so it is
possible, to sign a document with an encryption certificate.

Reproduction: 
1. Sign a document with an encryption certificate, (Key Enchipherment set)
2. It will be successful, so it is wrong.

Solution:
By the regarding RFCs and ETSIs, the Non-Repudation bit and/or Digital Sign bit
should be set, for the signing certificate. Key Enchipherment should not
allowed, or minimum should together with a Digital Sign.

For qualified certs (EU):
only Non-Repudation
more info: 
RFC 3039

For other certificates: Non-Repudation and/or Digital Sign (
more info:
ETSI TS 102 280 
chapter 5.4.3 Key usage, table, Line A, B, C
(the RFC overides the description of qualified, so only the A usable in 
qulified)
Line D - not recommended, dread later
Line E - for encryption

D line - not recommended, because:
1) most of the EU contry laws are not allowing to use for digital signing a
combined certificate.
2) ETSI security notes describes, for security reasons it is not recommended.

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to