Hello everyone,
I am trying to digitally sign a LibreOffice document using a hardware security key (YubiKey-like device) via PIV smart card functionality on Windows, but I am unable to complete the signing process.
Here are the steps I followed:
- I created an X.509 certificate using the RSA 2048 algorithm.
- I imported the certificate and private key as a PFX into the security key (PIV slot).
- I imported the corresponding public certificate into the Windows Trusted Certificate Store.
- In LibreOffice, I opened a document and navigated to:
File → Digital Signatures → Digital Signatures → Sign Document. - A Windows Security dialog appears asking me to select the smart card.
At this point, I encounter the following issue:
- After selecting the smart card, Windows shows the error:
“The smart card cannot perform the requested operation or the operation requires a different smart card.” - If I press Cancel multiple times, the certificates eventually appear in LibreOffice.
- However, even though the certificates are listed, LibreOffice does not allow me to sign the document using the smart card.
Questions:
- Does LibreOffice officially support PIV smart card–based signing on Windows?
- Are there specific certificate requirements (key usage, EKU, hash algorithm, provider type, etc.) needed for LibreOffice document signing?
- Does LibreOffice rely on Windows CAPI / CNG, and are there known limitations with smart cards or hardware keys?
- Is additional configuration (LibreOffice, Windows, or middleware) required to make this work?
Any guidance, documentation references, or confirmation of limitations would be greatly appreciated.
Thank you in advance.