FR/Documentation/Comment utiliser une signature numerique
1. Où obtenir une signature numérique ?
Tout d'abord vous devez posséder une signature numérique valide. Vous pouvez en obtenir une gratuitement auprès de différents fournisseurs de certificats, pour les allemands et particulièrement les habitants de Hambourg, vous pouvez obtenir un certificat par Trustcenter ([1]),d'autre personnes pourrons se tourner vers Thawte ([2]). Ces compagnies offrent un certificat gratuit valable un an, après cela vous pourrez payer pour le renouveler si il vous convient, sinon il ne vous permettra plus de signer des documents.
Si vous n'avez pas confiance dans ces compagnies ou voulez utiliser un certificat plus sur, vous aurez à payer une société qui validera vos données personnelles et qui certifiera que vous êtes bien celui que vous dites être. Ces compagnies sont : Globalsign ([3]), Verisign ([4]) et aussi Trustcenter and Thawte.En plus d'un compte mail gratuit you pouvez obtenir en allemagne une signature numerique auprès de Web.de ([5]).
1.1 Comment rendre un certificat utilisable par StarOffice ?
paragraphe original
If you follow the process to get a certificate this will be installed into the keystore of your Browser. Mozilla users will find it under Privacy & Security in the Option dialog of their Browser. Firefox user will find it at a similar place. The few people using Microsoft's Internet Explorer will find it under Start-Settings-Control Panel-Internet Options-Content-Certificates.
This information is needed as StarOffice / OpenOffice.org relies on the Crypto engine used on the users system. On Windows the Microsoft Crypto API is used, therefore nothing has to be done if the Internet Explorer was used to get the Certificate. In case you've used Mozilla or Firefox, you have to export your certificate into a file from the Mozilla Certificate store and import it into the Microsoft keystore. To do so, just go to your settings dialog in Mozilla and choose :
-Manage Certificates from it. -Select the Certificate to export and click on the button Backup -Find a place were you can save the file and name it -Follow the instructions given by Mozilla -To import the Certificate into the Microsoft Cryptoengine, do the following: -travel to the location of the now exported file by using your preferred file manager and -double click the file. -Follow the instructions and that's it. -You have transferred your certificate into the Microsoft keystore of your Windows installation.
For Linux and Solaris this procedure may be used the other way to get a certificate from Windows into the keystores of Mozilla, Thunderbird or Firefox.
traduction
Si vous suivez tout le processus pour obtenir un certificat, celui ci se retrouvera a la fin enregistré dans le 'stockage de clé' de votre navigateur. Les utilisateurs de Mozilla le retrouverons dans Outils-Options-Avancé à l'onglet Chiffrement, ceux d'internet explorer dans Outils-Options-Contenus et en cliquant sur le bouton Certificats.
Ces informations sont nécéssaire car StarOffice / OpenOffice.org dépend du moteur de cryptage en place sur le systeme de l'utilisateur. Dans le cas de Windows , l'API Microsoft de cryptage est utilisée, ce qui implique que rien de plus n'est nécéssaire si le certificat a été obtenu puis installé depuis Internet Explorer. Dans le cas de Mozilla ou Firefox, vous devez exporter votre certificat vers un fichier puis l'importer dans Internet Explorer. Pour faire cela allez dans Mozilla et faites :
- Outils , options, Boutons Avancé, onglet Chiffrement - Afficher les certificats. - Séléctionnez le certificat a exportez puis cliquez sur le bouton 'exporter'. - Trouvez un dossier oû le stocker et donnez lui un nom. - Suivez les instructions de Mozilla. - Pour importer le certificat dans le moteur de cryptage de Microsoft, suivez ces etapes : - Allez dans le répertoire oû se trouve votre fichier exporté. - Double cliquez dessus. - Suivez les instructions, et c'est fait. - Vous avez transférez votre certificat dans le moteur de crytage de votre système windows.
Pour Linux et Solaris, cette procédure peut aussi etre utilisé pour importer un certificat entre Mozilla, Thunderbird et Firefox.
1.1.1 Prérequis pour Linux / Solaris
To use your Certificate for digital signing of documents on Linux or Solaris we need some prerequisites :
- A certificate (obtained from a Certificate Authority) - A Thunderbird, Mozilla or Firefox profile to store the certificate
StarOffice / OpenOffice.org is looking for a certificate in the mentioned profiles according to the following search order :
a.) The environment variable MOZILLA_CERTIFICATE_FOLDER b.) The Thunderbird profile c.) The Mozilla suite profile d.) The Firefox profile.
This is especially useful to know as Debian and maybe Fedora Linux Installations seem to set the profile names in an other way as suggested by the Mozilla developers. In this case the Certificates are not shown in the digital signature dialog of the Office suite. In this case, locate the appropriate profile folder and set the Environment Variable MOZILLA_CERTIFICATE_FOLDER accordingly. See Certificate Detection
1.1.2 Prérequis pour Windows
As you need only a valid certificate located in the keystore of the Windows Crypto API and we have installed it under Chapter 1.1, there are no more Prerequisites for Windows.
2. Comment signer un document ?
Edit the document you want to sign and save it. Now select Digital Signatures from the File Menu. If you get a warning about a missing Mozilla profile, have a look at chapter 1.1.1 please. You probably use a Debian or Fedora Linux and haven't set the environment variable in the correct way.
If all is properly set, you get the digital signatures dialog and can click on the Add button. On Linux and Solaris you're asked for the password for accessing the used keystore, on Windows it depends on the settings made on importing the certificate. Now your stored certificates are shown. Please select the one you want to use and than click on Ok. After that you will be back in StarOffice / OpenOffice.org Digital Signatures dialog. This dialog will show a small icon in front of the textual representation of the certificate used to sign the Document.
2.1 Comment signer une Macro ?
To sign a Macro you have two possible ways.
1.)Use Tools – Macro – Digital Signature 2.)Use File – Digital Signature within the BASIC Editor of StarOffice / OpenOffice.org
The procedure of adding a certificate to the Macro is the same as used for documents.
3. Messages d'erreurs et aides visuelles
3.1 Messages d'erreurs au chargement des documents
You only get a message on loading the document if the signature of the document and / or the signature of the containing macros is broken. In this case the execution of macros is stopped and you can only activate macros by setting the security level to low and re-loading the document. But this is not recommended. Or remove the broken signature from the document and reload it. In this case make sure the macros contained in the document are not malicious.
3.2 Aides Visuelles
We have four visual aids for the possible states of a document signature.
A sheet with a stylised red seal stating that the document signature(s) are OK and no alteration of the document occurred since the last signing.
The addition (signed) to the title bar of an opened signed document.
A sheet with a stylised red seal and a small yellow triangle with exclamation mark stating that the document signature(s) are OK and no alteration of the document occurred since the last signing but at least one of the used certificates could not be validated. This can be caused by a not available root certificate from the Issuer of one of the certificates used or a not possible connection to the server containing the Revocation List for the Certificate Issuer. This is just an informal message, the document itself isn't changed after signing. But the decision on how far you can trust this document is up to you. The used certificate is maybe outdated or revoked.
A yellow triangle with black exclamation mark showing that the document signature is broken. So this document has been altered in some way and therefore you should not trust it's content.
These visual aids will be displayed in the digital signature dialog and the status bar. For the '(signed)' text, this one is shown in the title bar of the document window next to the file name.
