[kleopatra] [Bug 421705] New: Make kleopatra be able to use opaque signatures for signing and verifying operations

Francesco Bonanno bugzilla_noreply at kde.org
Mon May 18 01:57:19 BST 2020 

https://bugs.kde.org/show_bug.cgi?id=421705

            Bug ID: 421705
           Summary: Make kleopatra be able to use opaque signatures for
                    signing and verifying operations
           Product: kleopatra
           Version: 3.1.8
          Platform: Ubuntu Packages
                OS: Linux
            Status: REPORTED
          Severity: wishlist
          Priority: NOR
         Component: general
          Assignee: aheinecke at gnupg.org
          Reporter: mibofra at fsfe.org
                CC: kdepim-bugs at kde.org, mutz at kde.org
  Target Milestone: ---

SUMMARY
(Even if gpgsm has not yet the support to CAdES compliant signatures, due to
the missing but expected function in libksba for signing attributes, and so on)
gpgsm can make an opaque signature. So if you do as an example gpgsm gpgsm -s
test.txt -o test.txt.p7m, you obtain a signed p7m cryptographic envelope with
the file inside. As specified in the source code and in the popup message if
you try to do this with kleopatra, it is uncommon, but in some jurisdiciton,
like Italy, for the AdES signatures of CMS type (so the CAdES ones), the
regulated format is the opaque signature in p7m, not the detached one in p7s.

https://www.gazzettaufficiale.it/atto/serie_generale/caricaArticolo?art.progressivo=0&art.idArticolo=21&art.versione=1&art.codiceRedazionale=09A14307&art.dataPubblicazioneGazzetta=2009-12-03&art.idGruppo=7&art.idSottoArticolo1=10&art.idSottoArticolo=1&art.flagTipoArticolo=0
the official gazette of Italy about it.

So it will be REALLY nice, to have the possibility to have a button in the
sign/encrypt window to choose to use the opaque signature, and in the
verify/decrypt window to verify it (gpgsm can do it without issues) or
autodetect and verify it.

STEPS TO REPRODUCE
Try to sign a file with Kleopatra, using a x.509 cert and related private key,
making an opaque signature enveloped in a p7m or try to verify a opaque signed
envelope.

OBSERVED RESULT
Kleopatra will complain about the choice of trying renaming the file to a dot
p7m, and in any case, the output will be a p7s detached signature.
Trying to verify an opaque signed envelope, kleopatra will complain about it.

EXPECTED RESULT
Kleopatra having a button to choose to make an opaque signature and have as
output an opaque signed p7m and verifing no complains about it.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: Kubuntu 20.04
(available in About System)
KDE Plasma Version: 5.18.5
KDE Frameworks Version: 5.68.0
Qt Version: 5.12.8

ADDITIONAL INFORMATION

Obviously, sorry guys if part of this or all the issue is solved already in the
master of kleopatra.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the Kdepim-bugs mailing list