[Gpg4win-devel] Kleopatra devel
Luc Lalonde
Luc.Lalonde at polymtl.ca
Thu Dec 13 17:16:03 CET 2018
Hello,
On 2018-12-13 5:11 a.m., Andre Heinecke wrote:
> Hi,
>
> On Wednesday 12 December 2018 15:25:03 CET Luc Lalonde wrote:
>> Here at work we are looking at either using PGP or X.509 certs for
>> signing documents.
>>
>> Personnaly I was pushing for the use of PGP, but there are are two
>> sticking points:
>>
>> * PDF signatures are in a separate file
> Yeah, there has been some work to do signatures in documents with PGP using
> Libreoffice.
That's great news! For the moment, it's just possible to integrate
signatures with ODF's, you cannot sign PDF's inline with PGP... just X.509.
>
> Although you could also do an "opaque" signature (gpg -s) that would combine
> the document with the signature. But in that case you would need an OpenPGP
> tool to extract the original file by verifying the signature.
>
>> * there does not seem to be a way to add a signature to an existing
>> signature file with Kleopatra
> True.
>
>> Has there ever been an interest for the second point? If so, here's
>> how I see it:
>>
>> If a signature file exists, Kleopatra would ask the user to add the
>> signature to the exisisting file OR replace it.
>>
>> For most non-technical users, it's not an option to go to command line
>> and concatenate two or more signature files into one.
>>
>> What do you think?
> There has indeed been interest in that. But the use cases for that are
> uncommon in my opinion.
>
> It's also a bit complicated IMO to make it user friendly. You would have to
> check the signature -> Is it done by your own key but no longer valid (e.g.
> you edited the file)? -> Replace without question.
>
> If it is valid but from a different key -> Ask.
>
> The add of a second detached signature is not very difficult. You could use a
> verifydetachedjob from QGpgME and just add the result to the signature file
> instead of replacing it.
>
> I would be happy to review / add such a feature to Kleopatra.
>
I'd like to take a crack at this... I've been looking for a project to
work on. And this is of interest for my office.
Cheers.
--
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20181213/f6183a25/attachment.asc>
More information about the Gpg4win-devel
mailing list