Kako uporabljamo digitalne podpise
Contents
Kje dobim digitalno potrdilo?
Najprej potrebujete veljavno digitalno potrdilo. Potrdilo npr. dobite zastonj pri SIGEN-CA (Overitelj digitalnih potrdil pri Ministrstvu za javno upravo), dobite pa ga lahko tudi pri svoji banki, ki izdaja potrdila za svoje spletno poslovanje. Potrdila imajo različne roke veljavnosti, potrdilo SIGEN-CA npr. velja 5 let. Po pretečenem času veljavnosti lahko potrdilo obnovite, če tako želite, sicer z njim ne boste več mogli podpisovati dokumentov.
Kako uporabim potrdilo v [OpenOffice.org]
Ko pridobite potrdilo in ga namestite v skladu z navodili, bi ta moral biti nameščen v shrambi ključev vašega brskalnika. Uporabniki Mozille ga najdete pod Zasebnost in varnost v pogovornem oknu Možnosti svojega brskalnika. Uporabniki Firefoxa ga najdete z Napredno - Šifriranje - Preglej potrdila - Vaša potrdila. Redki uporabniki Internet Explorerja ga najdete pod Start - Nastavitve - Nadzorna plošča - Internetne možnosti - Vsebina - Potrdila.
Ti podatki so potrebni, saj StarOffice / OpenOffice.org uporablja model šifriranja uporabnikovega operacijskega sistema. V sistemu Windows uporablja Microsoft Crypto API, zato ni potrebno storiti ničesar, če ste uporabili Internet Explorer za pridobitev potrdila. Če ste uporabili Mozillo ali Firefox, morate izvoziti svoje digitalno potrdilo v datoteko iz shrambe digitalnih potrdil Mozilla in ga uvoziti v shrambo ključev Microsoft. V Mozilli odprite Nastavitve in izberite:
-Manage Certificates from it. -Izberite potrdilo, ki ga želite izvoziti, in kliknite gumb Naredi varnostno kopijo -Poiščite mesto, kamor želite shraniti datoteko, in jo poimenujte -Sledite navodilom Mozille -Če želite uvoziti potrdilo v Microsoft Cryptoengine, postopajte tako: -pojdite na mesto izvožene datoteke z raziskovalcem in -dvokliknite datoteko. -sledite navodilom in to je vse. -Svoje potrdilo ste prenesli v shrambo ključev Microsoft svoje namestitve Windows.
Za Linux in Solaris lahko ta postopek uporabite na drug način - za prenos potrdila iz okolja Windows v shrambo ključev Mozilla, Thunderbird ali Firefox.
Predpogoji za okolje Linux / Solaris
Če želite uporabiti svoje potrdilo za digitalno podpisovanje dokumentov na Linuxu ali Solarisu, potrebujete nekaj prerequisites :
- digitalno potrdilo (ki ste ga dobili od Certificate Authority) - profil za Thunderbird, Mozillo ali Firefox, kjer boste shranili potrdilo
StarOffice / OpenOffice.org išče digitalno potrdilo v omenjenih profilih v naslednjem zaporedju:
a.) okoljska spremenljivka MOZILLA_CERTIFICATE_FOLDER, b.) profil Thunderbird, c.) profil Mozilla suite, d.) profil Firefox.
To je dobro vedeti, ker namestitve Linuxa Debian in morda Fedora, kot kaže, določita ime profila na način, ki ga razvijalci Mozille ne priporočajo. V tem primeru Certificates are not shown in the digital signature dialog of the Office suite. In this case, locate the appropriate profile folder and set the Environment Variable MOZILLA_CERTIFICATE_FOLDER accordingly. Oglejte si Certificate Detection
Prav tako je necessary that the trust settings for the root certificates are set to trust the certificate to identify web sites and e-mail users.
Predpogoji za okolje Windows
Ker potrebujete le veljavno digitalno potrdilo, shranjeno v shrambi ključev vmesnika Windows Crypto API in ker ste ga namestili v podpoglavju 1.1, ni potrebno storiti nič drugega.
Kako podpišem dokument
Edit the document you want to sign and save it. Now select Digital Signatures from the File Menu. If you get a warning about a missing Mozilla profile, have a look at chapter 1.1.1 please. You probably use a Debian or Fedora Linux and haven't set the environment variable in the correct way.
If all is properly set, you get the digital signatures dialog and can click on the Add button. On Linux and Solaris you're asked for the password for accessing the used keystore, on Windows it depends on the settings made on importing the certificate. Now your stored certificates are shown. Please select the one you want to use and than click on Ok. After that you will be back in StarOffice / OpenOffice.org Digital Signatures dialog. This dialog will show a small icon in front of the textual representation of the certificate used to sign the Document.
Kako podpišem makro
To sign a Macro you have two possible ways.
1.)Use Tools – Macro – Digital Signature 2.)Use File – Digital Signature within the BASIC Editor of StarOffice / OpenOffice.org
The procedure of adding a certificate to the Macro is the same as used for documents.
Sporočila o napaki in vidna pomagala
Sporočila o napaki pri nalaganju dokumentov
You only get a message on loading the document if the signature of the document and / or the signature of the containing macros is broken. In this case the execution of macros is stopped and you can only activate macros by setting the security level to low and re-loading the document. But this is not recommended. Or remove the broken signature from the document and reload it. In this case make sure the macros contained in the document are not malicious.
Vidna pomagala
We have four visual aids for the possible states of a document signature.
A sheet with a stylised red seal stating that the document signature(s) are OK and no alteration of the document occurred since the last signing.
The addition (signed) to the title bar of an opened signed document.
A sheet with a stylised red seal and a small yellow triangle with exclamation mark stating that the document signature(s) are OK and no alteration of the document occurred since the last signing but at least one of the used certificates could not be validated. This can be caused by a not available root certificate from the Issuer of one of the certificates used or a not possible connection to the server containing the Revocation List for the Certificate Issuer. This is just an informal message, the document itself isn't changed after signing. But the decision on how far you can trust this document is up to you. The used certificate is maybe outdated or revoked.
A yellow triangle with black exclamation mark showing that the document signature is broken. So this document has been altered in some way and therefore you should not trust it's content.
These visual aids will be displayed in the digital signature dialog and the status bar. For the '(signed)' text, this one is shown in the title bar of the document window next to the file name.
Zaupanja vredna koda makra
To add a certificate as a trusted macro source, open a document signed with the certificate you want to trust. Then use the dialog that pops up to always trust macros from that source.
