Encrypting Documents with OpenPGP
LibreOffice can encrypt documents using OpenPGP public key cryptography. The document is encrypted using a symmetric encryption algorithm.
LibreOffice can encrypt documents confidentially using OpenPGP. The document is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The document and its session key are sent to the recipient. The session key must be sent to the recipients so they know how to decrypt the document, but to protect it during transmission it is encrypted with the recipient's public key. Only the private key belonging to the recipient can decrypt the session key.
LibreOffice uses the OpenPGP software installed in your computer. If no OpenPGP software is available you must download and install one suitable for your operating system, likely from your application store or software distribution channel.
Here are some external GPG applications known to work with LibreOffice:
gpg4win on Windows
GPGTools on MacOS
On Linux, usually already installed:
gnupg - a command line utility for signing, encrypting and key management.
Graphical applications for gnupg such as Seahorse (gnome), Kleopatra and KGpg (KDE).
gpgme - an application program interface (API) to develop applications with GPG.
You must define a personal pair of cryptography keys with the OpenPGP application. Refer to the OpenPGP software installed on how to create a pair of keys, it is usually the first step to execute after the software installation.
LibreOffice Encryption Setup
Choose menu . In the Cryptography area:
OpenPGP encryption requires the use of the public key of the recipient and this key must be available in the OpenPGP key chain stored in your computer. To encrypt a document:
Enter a name for the file.
Click. LibreOffice opens the OpenPGP public key selection dialog.
Choose the public key of the recipient. You can select multiple keys at the time.
Clickto close the dialog and save the file.
The file is saved encrypted with the selected public keys.
Only the private key belonging to the recipient can decrypt the document, unless you also encrypt for yourself.
You can only decrypt documents that have been encrypted with your public key. To decrypt a document:
Open the document. An Enter password prompt shows.
Enter the password of the OpenPGP private key. The document is decrypted and the contents is available.
Difference between document encryption with OpenPGP and Save with password
Both commands address confidentiality, but in different ways.
When you save a document with a password, you must remember the password inserted to open the document later. Anyone else that needs to open the document must also know the password used at save time. Therefore, the Save password must be transmitted to be known by other users.
Files encrypted with the save password cannot be decrypted unless the save password is supplied.
With document OpenPGP encryption, you define the set of users that can decrypt the document and you don’t need to send passwords through channels which security is unknown. Besides, the OpenPGP application manages the key chain of public keys more efficiently.