Bug 421705 - Make kleopatra be able to use opaque signatures for signing and verifying operations
Status: REPORTED
Alias: None
Product: kleopatra
Classification: Applications
Component: general
Version: 3.1.8
Platform: Ubuntu Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Andre Heinecke
Reported: 2020-05-18 00:57 UTC by Francesco Bonanno
Modified: 2020-05-18 00:57 UTC

Description Francesco Bonanno 2020-05-18 00:57:19 UTC
SUMMARY
(Even if gpgsm does not yet have support for CAdES-compliant signatures, due to the missing but expected function in libksba for signing attributes, and so on) gpgsm can make an opaque signature. So if you run, as an example, gpgsm -o test.txt.p7m -s test.txt, you obtain a signed p7m cryptographic envelope with the file inside. As specified in the source code and in the popup message if you try to do this with Kleopatra, it is uncommon, but in some jurisdictions, like Italy, for the AdES signatures of CMS type (so the CAdES ones), the regulated format is the opaque signature in p7m, not the detached one in p7s.

https://www.gazzettaufficiale.it/atto/serie_generale/caricaArticolo?art.progressivo=0&art.idArticolo=21&art.versione=1&art.codiceRedazionale=09A14307&art.dataPubblicazioneGazzetta=2009-12-03&art.idGruppo=7&art.idSottoArticolo1=10&art.idSottoArticolo=1&art.flagTipoArticolo=0 the official gazette of Italy about it.

So it would be REALLY nice to have the possibility to have a button in the sign/encrypt window to choose to use the opaque signature, and in the verify/decrypt window to verify it (gpgsm can do it without issues) or autodetect and verify it.

STEPS TO REPRODUCE
Try to sign a file with Kleopatra, using an X.509 cert and related private key, making an opaque signature enveloped in a p7m, or try to verify an opaque signed envelope.

OBSERVED RESULT
Kleopatra will complain about the choice of trying to rename the file to a dot p7m, and in any case, the output will be a p7s detached signature.
Trying to verify an opaque signed envelope, Kleopatra will complain about it.

EXPECTED RESULT
Kleopatra having a button to choose to make an opaque signature and have as output an opaque signed p7m, and verifying with no complaints about it.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Kubuntu 20.04
KDE Plasma Version: 5.18.5
KDE Frameworks Version: 5.68.0
Qt Version: 5.12.8

ADDITIONAL INFORMATION

Obviously, sorry guys if part of this or all the issue is solved already in the master of kleopatra.
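
The opaque/detached distinction in this report is visible in the CMS structure itself: an opaque SignedData carries the signed file in encapContentInfo.eContent, while a detached one omits it. The following is an added example of the autodetection requested above, not Kleopatra or gpgsm code; classify and the other function names are hypothetical, and it assumes binary BER/DER input (no base64 or PEM armor) with single-byte tags.

```python
"""Classify a binary CMS SignedData blob as opaque (.p7m) or detached (.p7s)."""
SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2
ID_DATA = bytes.fromhex("06092a864886f70d010701")      # OID 1.2.840.113549.1.7.1

def read_header(buf, pos):
    """Return (tag, length or None if indefinite, offset of the contents)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:                      # BER indefinite length
        return tag, None, pos
    if first < 0x80:                       # short form
        return tag, first, pos
    n = first & 0x7F                       # long form: n length octets follow
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def skip(buf, pos):
    """Return the offset just past the TLV that starts at pos."""
    _, length, pos = read_header(buf, pos)
    if length is not None:
        return pos + length
    while buf[pos:pos + 2] != b"\x00\x00":  # walk children up to end-of-contents
        pos = skip(buf, pos)
    return pos + 2

def classify(buf):
    tag, _, pos = read_header(buf, 0)               # ContentInfo SEQUENCE
    if tag != 0x30 or buf[pos:pos + 11] != SIGNED_DATA:
        raise ValueError("not a CMS SignedData ContentInfo")
    tag, _, pos = read_header(buf, pos + 11)        # content [0] EXPLICIT
    if tag != 0xA0:
        raise ValueError("missing [0] content wrapper")
    _, _, pos = read_header(buf, pos)               # SignedData SEQUENCE
    pos = skip(buf, skip(buf, pos))                 # version, digestAlgorithms
    _, length, pos = read_header(buf, pos)          # encapContentInfo SEQUENCE
    end = None if length is None else pos + length
    pos = skip(buf, pos)                            # eContentType OID
    # eContent is [0] EXPLICIT; the bound keeps a following certificates [0]
    # field from being mistaken for it when the signature is detached.
    inside = end is None or pos < end
    return "opaque" if inside and buf[pos] == 0xA0 else "detached"

def tlv(tag, body):
    return bytes([tag, len(body)]) + body           # short lengths only

def sample(content=None):
    """Constructed skeleton (empty signer set), not output of gpgsm."""
    eci = ID_DATA + (tlv(0xA0, tlv(0x04, content)) if content is not None else b"")
    fields = [tlv(0x02, b"\x01"), tlv(0x31, b""), tlv(0x30, eci), tlv(0xA0, b""), tlv(0x31, b"")]
    return tlv(0x30, SIGNED_DATA + tlv(0xA0, tlv(0x30, b"".join(fields))))

if __name__ == "__main__":
    print(classify(sample(b"hello\n")), classify(sample()))
```

The classification inspects structure only; it says nothing about whether the signature verifies.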