Howdy, not sure if this is the right place to ask but I figured this community has the best chance of using libreoffice. I recently started to learn about gpg and decided to try to digitally sign an odf file I created via libreoffice writter. Thought I could do the same with a pdf file but turns out you need a third party ca certification, so now I’m wondering, assuming only open formats can be signed, why even sign an odf file in the first place? Is it just for niche situations or do official/mainstream entities now support that format? Would it be considered legally binding? I heard that microsoft office gained support for the odf format back in 2021 so if the digital signature could still be verified on their end then I don’t see a problem. Is that the case? My bad for all the questions I’m just trying to see the usecase for this seems to me that for anything professional signing with a third party ca cert. would be the better option.

  • heavy@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I’d say the purpose of the feature is to do as intended, ensure the documents authenticity and integrity. The mechanism still requires people trust your signature (public key), so you need another strategy to establish that trust. If you wanted to share a confidential document to a person you know on discord, and they already trust your discord profile, you would need to use said profile to get people to trust the key you’re going to use, belongs to and identifies you. This really isn’t different from third party Cas, just a lot of certificates from them are already trusted by default and part of the internet wide key infrastructure.