[Gpg4win-devel] Kleopatra devel

Luc Lalonde Luc.Lalonde at polymtl.ca
Thu Dec 13 17:16:03 CET 2018 

Hello,

On 2018-12-13 5:11 a.m., Andre Heinecke wrote:
> Hi,
>
> On Wednesday 12 December 2018 15:25:03 CET Luc Lalonde wrote:
>> Here at work we are looking at either using PGP or X.509 certs for
>> signing documents.
>>
>> Personnaly I was pushing for the use of PGP, but there are are two
>> sticking points:
>>
>>   * PDF signatures are in a separate file
> Yeah, there has been some work to do signatures in documents with PGP using 
> Libreoffice.
That's great news!  For the moment, it's just possible to integrate
signatures with ODF's, you cannot sign PDF's inline with PGP... just X.509.
>
> Although you could also do an "opaque" signature (gpg -s) that would combine 
> the document with the signature. But in that case you would need an OpenPGP 
> tool to extract the original file by verifying the signature.
>
>>   * there does not seem to be a way to add a signature to an existing
>>     signature file with Kleopatra
> True.
>
>> Has there ever been an interest for the second point?   If so, here's
>> how I see it:
>>
>> If a signature file exists, Kleopatra would ask the user to add the
>> signature to the exisisting file OR replace it.
>>
>> For most non-technical users, it's not an option to go to command line
>> and concatenate two or more signature files into one.
>>
>> What do you think?
> There has indeed been interest in that. But the use cases for that are 
> uncommon in my opinion.
>
> It's also a bit complicated IMO to make it user friendly. You would have to 
> check the signature -> Is it done by your own key but no longer valid (e.g. 
> you edited the file)? -> Replace without question.
>
> If it is valid but from a different key -> Ask.
>
> The add of a second detached signature is not very difficult. You could use a 
> verifydetachedjob from QGpgME and just add the result to the signature file 
> instead of replacing it.
>
> I would be happy to review / add such a feature to Kleopatra.
>
I'd like to take a crack at this... I've been looking for a project to
work on.   And this is of interest for my office.

Cheers.

-- 
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20181213/f6183a25/attachment.asc>

More information about the Gpg4win-devel mailing list