Security

How to digitally sign a LibreOffice 6 document with GnuPG

With the release of LibreOffice 6 comes a much more user-friendly means of digitally signing a document. Jack Wallen shows you how.

Padlock as a symbol of information safety

Image: Jack Wallen

From the office of "It's about time!" comes the recently released LibreOffice 6, which allows for the signing of documents by way of PGP. That's right, you no longer have to struggle through the process of installing a certificate from a web browser (only to find out its reliability with regards to LibreOffice is iffy at best). Instead, you can now make use of GnuPG and a locally generated GnuPG personal key. This process is actually quite easy, you only have to have everything in place.

I'm going to show you how to set this up and then how to digitally sign your documents with your newly created GnuPG key. I'll be demonstrating on Elementary OS, using the Seahorse passwords and keys tool. The process will be similar, regardless of your platform. In the end, you simply have to find a tool to create a PGP key. For Windows, you could use Gpg4win, and for macOS you could use GPG Suite.

Creating your key

Fire up Seahorse and click the + button to create a new key. From the popup, select PGP Key and click Continue (Figure A).

Figure A

Figure A

The Seahorse main window.

In the next window, type your name and email address, then click Create. You will then be prompted to enter a passphrase for the key. At this point, you are now ready to sign the document with the newly created key.

I do recommend that while creating your key you expand the Advanced key options and add a unique comment to the key—that way you can always verify the key to the sender, by way of the comment. When they receive a LibreOffice document, signed by you, they can ask you what comment you used in your signature. Sure, it's a bit "Spy Vs. Spy," but it's an easy means of verification.

Signing a document

Open a document in LibreOffice. In order to sign the document, it must first be saved, so if you're starting a new document, you must first save it. Click File | Digital Signatures | Digital Signatures. In the resulting window (Figure B), click Sign Document.

Figure B

Figure B

The window that will list who has signed the document.

Click the Sign Document button. In the resulting window, select either the newly created GnuPG key or a previously generated key and click Sign (Figure C).

Figure C

Figure D

Selecting your key for signing.

After clicking the Sign button, you will be prompted to enter the passphrase for your GnuPG key. At this point, the document has been signed by you. If you share that document with anyone, they can then open up the Digital Signatures window and see that you have, in fact, signed the document with your GnuPG key. After the document is signed, an alert will popup in LibreOffice indicating it has been signed (Figure D).

Figure D

Figure D

LibreOffice indicating the document has been signed.

The caveat

The one issue I have found with LibreOffice digital signatures is the second you save a signed document, the signatures are removed. So once you've worked on a document, you must then re-sign it. I'm guessing this is so someone couldn't intercept a signed document, alter it, and send it back with a digital signature intact. So when you do alter and save that signed document, make sure to re-sign it before you return it.

But what if you make changes to a document? Easy:

  1. Open the document for editing
  2. Make your edits
  3. Save the document
  4. Sign the document

But how do you save the signature for the recipient? After you sign it, if you close it without saving, the signature will be lost. If you save it after you sign it, the signature will also be lost.

To get around this issue, here's what you do. Finish creating or editing your document. Once you've complete, go through the process of digitally signing the document. With that complete, do not save the document. Instead, click File | Send | E-Mail Document. This will automatically attach the signed document to an email, using your default email client. The recipient can then open the document and see that it's been signed and view the signature. By doing this, the signature will not be removed until the recipient saves the document on their end.

Not perfect, but it's a start

Obviously this isn't a perfect solution, but it is certainly better than nothing. The one thing I would suggest is when you create the key, you add a comment (as I mentioned earlier). Even with the caveat, you should consider digitally signing your documents that must be shared with others.

Also See

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox