Trusted certificates in LibreOffice 6.3
Hey,

I sign my ODF documents with a self-created certificate. I created this certificate by using OpenSSL. When I open a signed ODT document, I get a message that the signature is valid but the certificate could not be verified. I would like to tell LibreOffice that this certificate can be trusted. What do I have to do for that? Do I have to save my certificate for this scenario in a specific certificate trust store in Windows?

I use LibreOffice 6.3 with Windows 10 Home Premium.

Regards
Steve

___
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice
XML Schema Definition (XSD) for documentsignatures.xml
Hello,

In the file documentsignatures.xml the attribute xmlns defines a default namespace for the elements and . There is neither a reference by the attribute xmlns:xsi to the XML Schema Instance (XSI) namespace "http://www.w3.org/2001/XMLSchema-instance" nor a reference by the attribute xsi:schemaLocation to the XML schema file xmldsig-core-schema.xsd. As a result, the entire content of the documentsignatures.xml file should not be validated against any schema. Is that correct?

Regards
Steve
Re: Signature process in LibreOffice 6.3
Hi Mike,

thanks for your fast reply.

> Note that "Document signatures shall contain a element *for each file within the package*", and the contents of Thumbnails is not listed among the exceptions.

I've understood. The file documentsignatures.xml needs a element for my "Thumbnails/meta.xml" file. Therefore the signature fails because the corresponding entry in the documentsignatures.xml file is missing.

> Document signatures shall be stored in a file called META-INF/documentsignatures.xml in the package as described in section 3.5 of the OpenDocument specification part 3. Document signatures shall contain a element for each file within the package, with the exception that elements for the META-INF/documentsignatures.xml file containing the signature, and any files contained in the package whose relative path starts with "external-data/" should be omitted.

I understand it in that way: if I create a directory with the name "external-data" and put files into that directory, these files remain unaffected by the signature check (unlike my file "Thumbnails/meta.xml"). Is this correct? Or are these files just not a part of the signature while generating the signature value?*

I repeated my test scenario and adjusted the manifest.xml file accordingly:

manifest:media-type="text/xml"/>

If I now copy the meta.xml file into the "external-data" folder after creating the signature, I still get the message that the signature is invalid. None of the URI attributes of the elements contain the value "external-data/meta.xml".

*(By the way: if I create the folder "external-data" and create an empty file "test.xml" in this directory with the corresponding adjustment of the manifest.xml file:

manifest:media-type="text/xml"/>

after the compression I don't have the option to sign my ODT document (no action when I click on the "Sign document" button; the window in which I can select the certificates with which I can sign my document simply closes.))

Thanks in advance for your help
Steve
Signature process in LibreOffice 6.3
Hello,

my name is Steve Martin and I am an enrolled student at the Ruhr University Bochum. I have a question regarding the implementation of the signature process in LibreOffice.

I use a self-created X.509 certificate for signing my ODT documents. As soon as I sign my ODT document, the file "documentsignatures.xml" is created in the META-INF folder in the OpenDocument package.

Before I signed my ODT document, I had decompressed the ODT document and added an additional file entry in META-INF/manifest.xml:

manifest:media-type="text/xml"/>

Then I saved the manifest.xml file and compressed all the files back into a ZIP package. I can now open this file with LibreOffice and sign it with my X.509 certificate. After I signed the document, I decompressed it again and copied the meta.xml file into the Thumbnails directory. Thanks to the previously added file entry in the manifest.xml file, I can now compress all the partial files back into a ZIP archive and open the document with LibreOffice as normal, without being shown the message that the file is corrupted.

However, I don't understand why I now get the message that the signature is not valid. I decompressed the ODT document with the invalid signature and compared the documentsignatures.xml file contained in the META-INF folder with the documentsignatures.xml file that was created immediately after the signature was created. Both files are exactly the same and neither contains the value "Thumbnails/meta.xml" in the URI attribute of the elements. Since none of the files that are listed in the documentsignatures.xml were manipulated, shouldn't the signature be valid? Or is there another signature somewhere besides the XML signature about the file structure of the ODT document?

Many thanks for your help
Steve
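The two signature posts above turn on the ODF 1.2 rule that documentsignatures.xml must carry a ds:Reference for every file in the package, with only the signature file itself and the "external-data/" prefix exempt. The following script is an added example, not LibreOffice's own code: it lists the entries of a package that no ds:Reference covers, which is exactly the condition a file copied in after signing (Thumbnails/meta.xml in the thread) creates. It implements the rule as quoted from the specification, not LibreOffice 6.3's actual verifier (which the thread reports also rejects the external-data/ case), and it checks reference coverage only, not digests or the signature value. The sample package is constructed in memory; the root namespace of the constructed documentsignatures.xml is taken from ODF 1.2, but the check does not depend on it.

```python
"""
Added example, not LibreOffice's own code: report which entries of an ODF
package are not covered by any ds:Reference in META-INF/documentsignatures.xml.
It implements the ODF 1.2 rule quoted in the thread (a Reference for every
file, except the signature file itself and anything under "external-data/");
it does not verify digests or the signature value. The sample package is
constructed in memory.
"""
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SIG_PATH = "META-INF/documentsignatures.xml"
EXEMPT_PREFIX = "external-data/"


def signed_uris(sig_xml: bytes) -> set[str]:
    """Collect the URI of every ds:Reference that names a package entry ('#...' object refs skipped)."""
    root = ET.fromstring(sig_xml)
    return {
        ref.get("URI") for ref in root.iter(f"{{{DS_NS}}}Reference")
        if ref.get("URI") and not ref.get("URI").startswith("#")
    }


def uncovered_entries(package: bytes) -> list[str]:
    """Entries the rule says must be referenced but are not, sorted by name."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if SIG_PATH not in names:
            return sorted(names)  # no signature file at all: nothing is covered
        covered = signed_uris(zf.read(SIG_PATH))
    return sorted(
        n for n in names
        if n != SIG_PATH and not n.startswith(EXEMPT_PREFIX) and n not in covered
    )


def build_sample_package(extra_files: dict[str, bytes]) -> bytes:
    """Constructed sample: three 'signed' entries plus files added after signing."""
    signed = {
        "mimetype": b"application/vnd.oasis.opendocument.text",
        "content.xml": b"<office:document-content/>",
        "META-INF/manifest.xml": b"<manifest:manifest/>",
    }
    refs = "".join(
        f'<ds:Reference URI="{u}"><ds:DigestValue/></ds:Reference>' for u in signed
    )
    sig = (
        '<document-signatures '
        'xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0" '
        f'xmlns:ds="{DS_NS}"><ds:Signature>{refs}</ds:Signature></document-signatures>'
    ).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in signed.items():
            zf.writestr(name, data)
        zf.writestr(SIG_PATH, sig)
        for name, data in extra_files.items():  # entries added after "signing"
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for extra in ({}, {"Thumbnails/meta.xml": b"<x/>"}, {"external-data/meta.xml": b"<x/>"}):
        missing = uncovered_entries(build_sample_package(extra))
        print(f"added {sorted(extra) or 'nothing'}: uncovered {missing or 'none'}")
```

Run against a real .odt by replacing the constructed bytes with the file's contents; a non-empty result means the package contains entries the signature never covered, which a verifier following the quoted rule must reject regardless of whether the signed entries themselves are intact.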
Re: Randomness in LibreOffice Encryption
Thanks for your fast reply.

> of course, but if you use an *actual* random function to derive the key from the salt and the password then you'll have trouble decrypting the resulting ciphertext...

Why should that be problematic? Randomly generated values (for example, salt or initialization vector) are known because they are included in the unencrypted manifest.xml file. So the decryption algorithm (which is completely deterministic) has access to the values and there is no randomness in the decryption process.

> both: the method specified in ODF applies the HMAC-SHA1 function to generate the key from the salt, not to generate the salt.

Ah, by that you mean the PRF, which, used in the F() function defined in RFC 2898 on page 10, is the HMAC-SHA-1 function. But how is the salt generated? The PBKDF2 key derivation method needs a salt which is randomly generated:

> In password-based encryption, the party encrypting a message can gain assurance that these benefits are realized simply by selecting a large and sufficiently random salt when deriving an encryption key from a password.

(at the bottom of page 5)

>> I looked at the referenced RFC 2898: "PKCS #5: Password-Based Cryptography Specification Version 2.0" (https://www.ietf.org/rfc/rfc2898.txt) for how this is done. In RFC 2898 at the end of page 6 and start of page 7 the following is written:
>>
>> If a random number generator or pseudorandom generator is not available,
>
> LibreOffice requires one.
>
>> available, a deterministic alternative for generating the salt (or the random part of it) is to apply a password-based key derivation function to the password and the message M to be processed. For instance, the salt could be computed with a key derivation function as S = KDF (P, M). This approach is not recommended if the message M is known to belong to a small message space (e.g., "Yes" or "No"), however, since then there will only be a small number of possible salts.
>>
>> My question: Which method is implemented in LibreOffice? Does LibreOffice use a PRNG or the method specified in the ODF standard with the HMAC-SHA-1() function over the plaintext and (password)/(hash of the password))? The second one is a little bit insecure.
>
> both: the method specified in ODF applies the HMAC-SHA1 function to generate the key from the salt, not to generate the salt.

Or more precisely, LibreOffice uses a PRNG() to create a random salt. Is that correct? If yes, does LibreOffice use a PRNG provided by the operating system? If not, how is the salt generated?

Many thanks for your help.

Greetings
Steve
Randomness in LibreOffice Encryption
Hi,

At "http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752859_826425813" I read:

> The defined values for the manifest:key-derivation-name attribute are:
> • PBKDF2: The PBKDF2 key derivation method with HMAC-SHA-1 for the Pseudo-Random Function (PRF). See [RFC2898] sections 5.2 and B.1.1.

HMAC-SHA-1 for the Pseudo-Random Function (PRF)? HMAC-SHA-1 is a deterministic function. That means I enter a value and get a value out. And no matter how many times I call the function with the input value, I always get the same output value. So, with HMAC-SHA-1 no randomness is possible. So PRFs exist when PRNGs (Pseudo Random Number Generators) exist.

I looked at the referenced RFC 2898: "PKCS #5: Password-Based Cryptography Specification Version 2.0" (https://www.ietf.org/rfc/rfc2898.txt) for how this is done. In RFC 2898 at the end of page 6 and start of page 7 the following is written:

> If a random number generator or pseudorandom generator is not available, a deterministic alternative for generating the salt (or the random part of it) is to apply a password-based key derivation function to the password and the message M to be processed. For instance, the salt could be computed with a key derivation function as S = KDF (P, M). This approach is not recommended if the message M is known to belong to a small message space (e.g., "Yes" or "No"), however, since then there will only be a small number of possible salts.

My question: Which method is implemented in LibreOffice? Does LibreOffice use a PRNG or the method specified in the ODF standard with the HMAC-SHA-1() function over the plaintext and (password)/(hash of the password))? The second one is a little bit insecure.

Thanks for your help.

Greetings
Steve
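The question above and the reply to it (the "Re: Randomness" message) hinge on two different roles that the word "pseudo-random" covers: HMAC-SHA-1 is the deterministic PRF that PBKDF2 iterates, while the salt that PBKDF2 consumes is what must come from a random generator. The script below is an added example, not LibreOffice's or the ODF project's code, serving both posts: it shows that the same password and stored salt re-derive the same key (which is why the decryptor, reading the salt from the clear manifest.xml, needs a deterministic PRF), that a fresh random salt per save yields a fresh key, and why the RFC 2898 fallback S = KDF(P, M) collapses to a handful of salts over a small message space. Assumed for illustration, since the page does not state them: a 16-byte salt, 1024 iterations, a 32-byte key for AES-256, a SHA-256 "start key" of the password before PBKDF2, and HMAC-SHA-1 as the KDF in the fallback; the passwords and messages are constructed samples.

```python
"""
Added example, not LibreOffice's or the ODF project's code: separates the
deterministic PRF inside PBKDF2 (HMAC-SHA-1) from the random salt PBKDF2
consumes. Assumed parameters: 16-byte salt, 1024 iterations, 32-byte key
(AES-256), SHA-256 start key of the password. Inputs are constructed samples.
"""
from __future__ import annotations

import hashlib
import hmac
import os

SALT_LEN = 16      # assumed salt length
ITERATIONS = 1024  # assumed iteration count
KEY_LEN = 32       # AES-256 key length in bytes (assumed)


def start_key(password: bytes) -> bytes:
    """Assumed start-key step: hash the password before it enters PBKDF2."""
    return hashlib.sha256(password).digest()


def derive_key(key_material: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2 with HMAC-SHA-1 as the PRF. Deterministic: same inputs give the same key."""
    return hashlib.pbkdf2_hmac("sha1", key_material, salt, iterations, dklen=KEY_LEN)


def random_salt() -> bytes:
    """This is where randomness enters: the OS CSPRNG, not the PRF."""
    return os.urandom(SALT_LEN)


def deterministic_salt(key_material: bytes, message: bytes) -> bytes:
    """RFC 2898 fallback S = KDF(P, M), with HMAC-SHA-1 standing in as the KDF (assumption)."""
    return hmac.new(key_material, message, hashlib.sha1).digest()[:SALT_LEN]


def encrypt_side(password: bytes) -> tuple[bytes, bytes]:
    """Encryptor: pick a fresh random salt, derive the key, return (salt, key)."""
    salt = random_salt()
    return salt, derive_key(start_key(password), salt)


def decrypt_side(password: bytes, stored_salt: bytes) -> bytes:
    """Decryptor: take the salt that was stored in clear (manifest.xml) and re-derive."""
    return derive_key(start_key(password), stored_salt)


def round_trip_matches(password: bytes) -> bool:
    """True when the decryptor lands on the encryptor's key; relies on PRF determinism."""
    salt, key = encrypt_side(password)
    return decrypt_side(password, salt) == key


def keys_differ_across_saves(password: bytes) -> bool:
    """Two saves of the same document get different salts and therefore different keys."""
    (_, k1), (_, k2) = encrypt_side(password), encrypt_side(password)
    return k1 != k2


def distinct_deterministic_salts(password: bytes, messages: list[bytes]) -> int:
    """With S = KDF(P, M), a small message space yields only as many salts as messages."""
    km = start_key(password)
    return len({deterministic_salt(km, m) for m in messages})


if __name__ == "__main__":
    pw = b"correct horse"  # constructed sample password
    print("decryptor re-derives encryptor's key:", round_trip_matches(pw))
    print("fresh salt per save gives a fresh key:", keys_differ_across_saves(pw))
    print("distinct salts over {Yes, No, Yes}:",
          distinct_deterministic_salts(pw, [b"Yes", b"No", b"Yes"]))
```

The design point: a PRF is deterministic by definition, and PBKDF2 needs it to be, otherwise the key could never be recomputed from the stored salt; unpredictability has to come from the salt (and IV) source, which is why the RFC only suggests S = KDF(P, M) as a last resort when no random generator is available.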
Re: LibreOffice Encryption/Decryption Implementation
Hello Thorsten,

thanks for your fast reply :)

> There's an updated ODF version currently under review; please check whether:
> https://docs.oasis-open.org/office/OpenDocument/v1.3/csprd02/part2-packages/OpenDocument-v1.3-csprd02-part2-packages.html#__RefHeading__752811_826425813
> answers a few of your questions.

I forgot to say that I only consider ODF version 1.2^^ However, I knew this webpage. As I understand it, here are defined the algorithms that need to be supported at least (or rather according to the specification). What I'm looking for is documentation or a specification of how ODF is implemented in application software (in this case LibreOffice) in terms of encryption and decryption. Analyzing the programming code is complicated and would take quite a bit of time^^

I also found this: https://ringlord.com/dl/Decrypting%20ODF%20Files.pdf

This is a good explanation, but unfortunately not an officially confirmed source (I need that for my master thesis).

> A further place for information are our ODF implementer notes, that you can find here:
> https://wiki.documentfoundation.org/Development/ODF_Implementer_Notes
> If that leaves any questions unanswered, there's always the code (or come back here & ask). ;)

Ok thanks, I will keep this in mind ;)

> Cheers,
> -- Thorsten

Greetings
Steve
LibreOffice Encryption/Decryption Implementation
Hello,

my name is Steve Martin and I am a student at Ruhr University Bochum. I have a few questions regarding the implementation of the encryption and decryption process in LibreOffice.

I found some information about the encryption process at: http://docs.oasis-open.org/office/v1.2/os/OpenDocument-v1.2-os-part3.html#__RefHeading__752815_826425813

I know that since LibreOffice v3.5 AES-256 (in CBC mode) is used. I am using LibreOffice v6.3.

Is there an official specification on the implementation of encryption and decryption in LibreOffice documents (which algorithms can be used, what exactly is the procedure, which coding methods are used, how will the data be processed (padding))? Where can I find this specification?

Many thanks for your help
Steve