Difference between revisions of "Security/Digital Signatures"

From Apache OpenOffice Wiki

Revision as of 09:31, 10 July 2009

Digital Signature Specification for ODF 1.2

Digital Signatures have already been specified in an ODF 1.2 draft from 2007 (OpenDocument-v1.2-draft6.odt).

However, after studying the Black Hat 2009 OOo Security Briefing, we feel that the final ODF 1.2 specification needs to be improved, so that the manifest.xml will also be part of a document signature.

It's not clear whether or not the document signature file itself should also always been signed, because it depends on the use case, so we want to leave this as optional.

This is the latest draft of the proposal that we will send to the OASIS OpenDocument TC:

Document and Macro Signatures
An OpenDocument document that is stored in a package may have one or more digital signatures applied to the package. A document signature is a digital signature that is applied to all files contained in a package, regardless whether they are defined by this specification or are application specific extensions. This also includes files which carry meta information used by the package itself, such as manifest.xml, additional signature files, but might exclude the signature file itself. Because the signature is applied to every file, applications can detect if additional files were added after the document had been signed. This applies also for additional signature files contained in META-INF, such as macrosignatures.xml. If files were added after the document signature had been created, then applications must inform the user, for example, by indicating that the signature is broken.
Document signatures are stored in a file called META-INF/documentsignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. A document signature shall be considered to be valid only if the 'XML-Digital Signature' contained in documentsignatures.xml is valid itself, if it is applied to all files of the package, which may include the signature file itself, and if no files were added after the signature was created.
A macro signature is a digital signature that is applied to macro code and other executable code that may be contained in a package. Macro signatures are stored in a file called META-INF/macrosignatures.xml in the package as described in section 2.4 of the OpenDocument specification part 3. Since macro code and executable code is application specific, this specification does not define to which files a macro signature applies. However, an application shall consider a macro signature as invalid if a package contains files to which the macro signature is not applied, and which contain macro or executable code that the application is able to execute.
Since a document signature is applied to all files, it includes the files to which a macro signature is applied. A document may have document and macro signatures applied simultaneously, and may have further applications specific signatures applied to its package.
2.4 Digital Signatures
Document files and package files, that is the files which carry meta information for the package, such as manifest.xml, may have a digital signature applied. Digital signatures are stored in one or more files within the META-INF folder. The names of these files shall contain the term "signatures". Each of these files contains a <dsig:document-signatures> root element that serves as a container for an arbitrary <Signature> element as defined by the [xml-dsig] specification. If the <dsig:document-signatures> element contains multiple <Signature> elements, then there should be a relation between the digital signatures they define, for instance, they may all apply to the same set of files.
Applications may require that a digital signature includes a certain set of files. That is, they may consider a digital signature to be valid if, and only if,
the digital signature itself is valid, and
if the <Reference> child elements of the <Signature> element reference a certain set of files.
In particular, applications may require that a digital signature references all files contained in a package.
The schema for digital signatures is: ...

Improving the Digital Signature Implementation in OOo 3.2

The implementation of the digital signatures needs to be changed to match the updated Digital Signature Specification for ODF 1.2 (issue #XXXXX).

For ODF 1.0/1.1 documents, some special handling for unsigned macro streams in a signed document is needed (see below), because the implementation was different from what is now specified in ODF 1.2 (issue #XXXXX).

When a document carries a document signature, older versions of OOo only check for unsigned files that are located outside the META-INF folder. With OOo 3.2, this check will be extended to also detect unsigned content inside the META-INF folder (issue #XXXXX).
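The "no files added after signing" rule from the ODF 1.2 proposal above, and the OOo 3.2 change that extends it to META-INF, as an added example (not code from the OpenOffice.org project): it lists every package file that the document signature's <Reference> elements do not cover, exempting only the signature file itself. The package and signature file are constructed in memory, the dsig container namespace URI is a placeholder (matching is by local name), and the cryptographic check of the XML-DSig itself is a separate step that is not shown.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed signature file: only the <Reference> URIs matter for this check.
# The container namespace URI is a placeholder; matching below is by local name.
SIG = b'''<dsig:document-signatures xmlns:dsig="urn:example:placeholder-dsig">
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
  <Reference URI="mimetype"/><Reference URI="content.xml"/>
  <Reference URI="META-INF/manifest.xml"/>
 </SignedInfo></Signature>
</dsig:document-signatures>'''

def referenced_uris(signature_xml: bytes) -> set:
    """URIs of every <Reference> in any <Signature>, fragment dropped and percent-decoded."""
    return {unquote(el.get('URI').split('#', 1)[0])
            for el in ET.fromstring(signature_xml).iter()
            if el.tag.rsplit('}', 1)[-1] == 'Reference' and el.get('URI')}

def unsigned_files(package: bytes, sig_path='META-INF/documentsignatures.xml',
                   check_meta_inf=True) -> list:
    """Package files the document signature does not cover. The signature file itself is
    exempt (the draft leaves signing it optional). check_meta_inf=False mimics the pre-3.2
    behaviour that skipped META-INF, so an added macrosignatures.xml went unnoticed."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = [n for n in zf.namelist() if not n.endswith('/')]
        covered = referenced_uris(zf.read(sig_path))
    return sorted(n for n in names
                  if n != sig_path
                  and (check_meta_inf or not n.startswith('META-INF/'))
                  and n not in covered)

def build_package(files: dict) -> bytes:
    """Constructed ODF-style zip package from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

SAMPLE = build_package({
    'mimetype': b'application/vnd.oasis.opendocument.text',
    'content.xml': b'<office:document-content/>',
    'META-INF/manifest.xml': b'<manifest:manifest/>',
    'META-INF/documentsignatures.xml': SIG,
    'META-INF/macrosignatures.xml': b'<dsig:document-signatures/>',  # added after signing
    'Basic/Standard/Module1.xml': b'<script:module/>',                # macro stream, not signed
})
```

`unsigned_files(SAMPLE)` reports both the macro stream and the added macrosignatures.xml, whereas `unsigned_files(SAMPLE, check_meta_inf=False)` reproduces the older behaviour and misses the META-INF entry.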

Encryption of Digital Signatures in Encrypted Documents

Currently OOo doesn't encrypt digital signatures in encrypted documents. This doesn't make the signatures less reliable, and there are arguments for encrypting the signatures as well as arguments for not doing so.

Not encrypting the signatures can be a privacy issue, because anyone could see who has signed a document. On the other hand, some automatic processes can't verify a signature when it is encrypted.

For now, we don't have any plans to change the current implementation. In the future, additional signature implementations might handle it differently.

Show a warning for not signed macro streams in documents signed with OpenOffice.org 2.x

The first implementations of digital signatures in OpenOffice.org 2.x completely separated signing document content from signing scripting content. Macros were not included in the document signature, so they could be manipulated in a signed document. This behavior changed in OpenOffice.org 3, where the macros are now also signed when the document is signed (without having the same status as explicitly signed macros).

For compatibility reasons, OOo should show a warning (and not a broken signature) when a signed document contains macros which are not signed, but only for documents created with OpenOffice.org 2.x.

The warning will not contain any extra explanation that the issue may have happened for legacy reasons; signed ODF documents with macros are probably not used that much.

Inform the user that OOo's Digital Signatures have no legal value

While the digital signatures help for author authentication and for ensuring document integrity, the implementation in OOo is not a certified solution, so the signatures won't have any legal value in most countries.

OOo should inform the user about this when they start to add a digital signature to a document. There should be a configuration item to disable the warning (issue #XXXXX).

Digital Signatures Framework

There are some ideas for a digital signature framework, so other (3rd party) implementations can be used in OpenOffice.org. See the description in the Wiki and Jochen's presentation.

Digital Signatures for Extensions

It would be good if OpenOffice.org extensions could be digitally signed, for publisher authentication as well as for integrity verification.
