How can I use docker without sudo?

Question

Dov

Asked: 2019-07-22 12:45:30 +0800 CST2019-07-22 12:45:30 +0800 CST 2019-07-22 12:45:30 +0800 CST

How to digitally sign documents in OpenOffice under Ubuntu?

772

On Ubuntu 19.04, Libreoffice seems to be there, but when I clicked, all the apps seem to be missing (like the word processor and the spreadsheet). So I first installed OpenOffice. Then I figured out that I could install Libreoffice as well:

sudo apt install libreoffice

so I now can verify that both have the same issue.

Both Openoffice and Libreoffice have an option claiming to digitally sign a document.

So I created a certificate using instructions from this site: https://websiteforstudents.com/self-signed-certificates-ubuntu-17-04-17-10/ Here is the shell script I wrote to do it so I would not forget the steps:

#! /bin/bash
# see https://websiteforstudents.com/self-signed-certificates-ubuntu-17-04-17-10/

name=dbk
openssl genrsa -aes128 -out $name.key 2048 #generate a key
#best to generate without a passphrase, so next command removes it
openssl rsa -in $name.key -out $name.key

# create a certificate signing request. This one is good for a year
days=365
openssl req -new -days $days -key $name.key -out $name.csr

openssl x509 -in $name.csr -out $name.crt -req -signkey $name.key -days $days

#make it readable only to you, to protect it
chmod 400 $name.*

OpenOffice still didn't find the certificate or offer me any way to select a directory. In the wiki for openoffice, I found a page claiming there are 4 ways to select the directory where OpenOffice will look: https://wiki.openoffice.org/wiki/How_to_use_digital_Signatures

One of those ways would be to set an environment variable:

export MOZILLA_CERTIFICATE_FOLDER=~/cert

This didn't work either. In Libreoffice, I can see an option to start a certificate manager. When I click, I get the following window.

I can click on the certificate in the cert directory but the open button is not clickable.

How can I get either word processor to find the certificate that I created in ~/cert, or is there something wrong with the steps I used to create it?

2 Answers

Voted

Dov · Answer 1 · 2020-12-11T07:47:34+08:00

Dov

2020-12-11T07:47:34+08:002020-12-11T07:47:34+08:00

To date, I have not found any solution for digitally signing under OpenOffice or LibreOffice. It's really too bad as these open source products are great, but there is zero support for this issue.

I am using a commercial product (Master PDF 5), which is available free but watermarks pdfs. I'm not thrilled but for now it does the job.

1

ulatekh · Answer 2 · 2022-04-08T06:47:52+08:00

After hours of frustration, I finally got it to work.

Your steps to creating a keypair look intact; I also found this advice to be helpful, though I eventually had to downgrade to a 4096-bit RS A key – I couldn't get an ED25519-based key to work.

If you want to sign documents with your certificate, you need to combine it with your private key:

openssl pkcs12 -export -in $name.crt -inkey $name.key -name "Human readable name" -out $name.p12

Change "Human readable name" to however you want to see it described later.

If you look in your Firefox certificates, you'll see a ton of them under the "Authorities" tab, but none of those can be used to sign documents, because they only contain public keys, i.e. they're used to validate documents signed by others.

To make your key available to OpenOffice, you need to install it somewhere. You don't have to install it in Firefox; indeed, I didn't, because I don't want my private key anywhere near my web browser.

Instead:

I created a new directory:

mkdir ~/.ca-cert
Then created a new certificate database there:

certutil -N -d ~/.ca-cert
And installed the keypair there using the command:

pk12util -i $name.p12 -d ~/.ca-cert

Presumably, I could have used ~/.mozilla/firefox/(randomDigits).default as the directory, but didn't, for the reasons mentioned above.

Then,

In OpenOffice, under Tools > Options > OpenOffice > Security, you'll find a Certificate path setting.
In that dialog, click Select NSS path and add ~/.ca-cert. Make sure your newly-added path's radio button is selected before clicking OK.

I was unable to get any response to File > Digital signatures > Digital Signatures..., but File > Digital Signatures > Sign Existing PDF... brought up an open-file dialog, allowing me to open a PDF.

The Sign Document button in the upper-right corner appears to be useless.
Instead, you have to File > Export As > Export as PDF... to save the signed version; in the Digital Signatures tab of the PDF options dialog, you can select a certificate to sign with.
The one you installed earlier should be displayed and available, under the "Human readable name" you specified above.

I couldn't get atril or qpdfview to show the PDF was signed, but okular did.

So yeah, big pain in the ass, but it eventually worked.

How to digitally sign documents in OpenOffice under Ubuntu?

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?