With the release of LibreOffice 5.4.0 today, I’m most happy to announce support for OpenPGP / GnuPG keys when signing ODF documents in LibreOffice under Linux. This is great if you already use GPG/PGP for email with your peers, as it ensures authenticity of your ODF documents regardless of the mode of transport or storage.
For any ODF document, simply navigate to File->Digital signatures in LibreOffice, and the certificate selection dialog will transparently list all suitable signing keys on your system, including those from Kleopatra, KGpg, GPA or Enigmail – that perhaps you’re using already for secure email.
Pick a GPG key, and LibreOffice will delegate all password entry and GPG crypto to tried-and-true system components (the LibreOffice process won’t even see you passphrase):
Sign document with GPG key
We also made signature status much more visible – before, signed documents only had a tiny icon down in the status bar (both for valid, as well as for broken or untrusted signatures – not ideal for noticing). LibreOffice there follows the trend set by browsers, to make security features (and broken trust) much more obvious. Your validly signed document will now show up like this:
InfoBar showing signature status
Work is ongoing on adding support for Windows (and perhaps other platforms) as well – as of today, LibreOffice 5.4 supports this feature only under Linux. Furthermore, we also plan to provide GPG-based encryption of ODF documents (currently, document encryption is based on individual passwords), stay tuned!
This work was generously sponsored by the German federal office for information security (BSI), and of course builds on top of great software like GnuPG – many thanks!