Signing Exported PDF
Digital signatures are used to ensure that the PDF was really created by the original author (i.e. you), and that the document has not been modified since it was signed.
The signed PDF export uses the keys and X.509 certificates already stored in your default key store location or on a smartcard.
The key store to be used can be selected under LibreOffice - PreferencesTools - Options - LibreOffice - Security - Certificate Path.
When using a smartcard, it must already be configured for use by your key store. This is usually done during installation of the smartcard software.
Use this certificate to digitally sign PDF documents
Allows you to select a certificate to be used for signing this PDF export.
Opens the Select Certificate dialog.
All certificates found in your selected key store are displayed. If the key store is protected by a password, you are prompted for it. When using a smartcard that is protected by a PIN, you are also prompted for that.
Select the certificate to use for digitally signing the exported PDF by clicking on the corresponding line, then click OK.
All other fields on the Digital Signatures tab will be accessible only after a certificate has been selected.
Enter the password used for protecting the private key associated with the selected certificate. Usually this is the key store password.
If the key store password has already been entered in the Select Certificate dialog, the key store may already be unlocked and not require the password again. But to be on the safe side, enter it nevertheless.
When using a smartcard, enter the PIN here. Some smartcard software will prompt you for the PIN again before signing. This is cumbersome, but that's how smartcards work.
Location, Contact information, Reason
These three fields allow you to optionally enter additional information about the digital signature that will be applied to the PDF (Where, by whom and why it was made). It will be embedded in the appropriate PDF fields and will be visible to anyone viewing the PDF. Each or all of the three fields may be left blank.
Time Stamp Authority
Allows you to optionally select a Time Stamping Authority (TSA) URL.
During the PDF signing process, the TSA will be used to obtain a digitally signed timestamp that is then embedded in the signature. This (RFC 3161) timestamp will allow anyone viewing the PDF to verify when the document was signed.
The list of TSA URLs that can be selected is maintained under LibreOffice - PreferencesTools - Options - LibreOffice - Security - TSAs.
If no TSA URL is selected (the default), the signature will not be timestamped, but will use the current time from your local computer.