Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Discussion Regarding Digital Signatures (http://www.velocityreviews.com/forums/t526251-discussion-regarding-digital-signatures.html)

Ari 08-01-2007 05:12 PM

Discussion Regarding Digital Signatures
 
There are many digital signature products on the market but they appear
to be overkill for a project I have due very soon. The project requires
that a digital signature be applied to an authorization of an e-form
(Request by a non commissioned officer) by his superior or superiors.

By "digital signature", the requirements are:

1) that a physical "mark" appear and
2) that the digital signature protects the document from tampering
(invalidates it if tampered with will do)

When the Request is printed, that mark should also appear.

Adobe PDF would be useable but it does require that a digital signature
be applied manually. This is problematic for the User base, an automated
solution must be sought.

I am wondering if the best approach would be to find an existing, open
source, with code and write the automating functions ourselves.

Comments are appreciated.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Jim Watt 08-01-2007 09:09 PM

Re: Discussion Regarding Digital Signatures
 
On Wed, 1 Aug 2007 13:12:40 -0400, Ari <arisilverstein@yahoo.com>
wrote:

>There are many digital signature products on the market but they appear
>to be overkill for a project I have due very soon. The project requires
>that a digital signature be applied to an authorization of an e-form
>(Request by a non commissioned officer) by his superior or superiors.
>
>By "digital signature", the requirements are:
>
>1) that a physical "mark" appear and
>2) that the digital signature protects the document from tampering
>(invalidates it if tampered with will do)
>
>When the Request is printed, that mark should also appear.
>
>Adobe PDF would be useable but it does require that a digital signature
>be applied manually. This is problematic for the User base, an automated
>solution must be sought.
>
>I am wondering if the best approach would be to find an existing, open
>source, with code and write the automating functions ourselves.
>
>Comments are appreciated.


PGP provides a mechanism for signing documents, however if you are
lookin at an 'automatic' method of signing documents, thats rather the
same as using a rubber stamp as a conventional signature.

ie without the necessary personal intervention and trust.
--
Jim Watt
http://www.gibnet.com

Luca T. 12-26-2007 02:40 AM

Re: Discussion Regarding Digital Signatures
 
Ari wrote:
> There are many digital signature products on the market but they appear
> to be overkill for a project I have due very soon. The project requires
> that a digital signature be applied to an authorization of an e-form
> (Request by a non commissioned officer) by his superior or superiors.
>
> By "digital signature", the requirements are:
>
> 1) that a physical "mark" appear and
> 2) that the digital signature protects the document from tampering
> (invalidates it if tampered with will do)
>
> When the Request is printed, that mark should also appear.
>
> Adobe PDF would be useable but it does require that a digital signature
> be applied manually. This is problematic for the User base, an automated
> solution must be sought.
>
> I am wondering if the best approach would be to find an existing, open
> source, with code and write the automating functions ourselves.
>
> Comments are appreciated.


Begin here:
http://sourceforge.net/project/showf...kage_id=188602

Bye,
Luca

Ari 12-27-2007 06:14 AM

Re: Discussion Regarding Digital Signatures
 
On Wed, 26 Dec 2007 03:40:05 +0100, Luca T. wrote:

> Ari wrote:
>> There are many digital signature products on the market but they appear
>> to be overkill for a project I have due very soon. The project requires
>> that a digital signature be applied to an authorization of an e-form
>> (Request by a non commissioned officer) by his superior or superiors.
>>
>> By "digital signature", the requirements are:
>>
>> 1) that a physical "mark" appear and
>> 2) that the digital signature protects the document from tampering
>> (invalidates it if tampered with will do)
>>
>> When the Request is printed, that mark should also appear.
>>
>> Adobe PDF would be useable but it does require that a digital signature
>> be applied manually. This is problematic for the User base, an automated
>> solution must be sought.
>>
>> I am wondering if the best approach would be to find an existing, open
>> source, with code and write the automating functions ourselves.
>>
>> Comments are appreciated.

>
> Begin here:
> http://sourceforge.net/project/showf...kage_id=188602
>
> Bye,
> Luca


Focus on Italian CAs?

Eugene Mayevski 12-27-2007 09:53 AM

Re: Discussion Regarding Digital Signatures
 
Hello!
You wrote on Wed, 26 Dec 2007 03:40:05 +0100:

A> Adobe PDF would be useable but it does require that a digital
A> signature be applied manually. This is problematic for the User base,
A> an automated solution must be sought.
??>> ??>> I am wondering if the best approach would be to find an
??>> existing, open source, with code and write the automating functions

Don't know about automation, but if you can do some coding, you can check
PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be used to
apply the signature and it doesn't require Acrobat. You can also use Acrobat
SDK, but you would need to have Acrobat installed on the system where you do
signing. PDFBlackbox is more practical from this point of view.

With best regards,
Eugene Mayevski


nemo_outis 12-27-2007 05:54 PM

Re: Discussion Regarding Digital Signatures
 
"Eugene Mayevski" <mayevski@eldos.com> wrote in
news:fkvsn8$1ao9$1@behemoth.volia.net:

> Hello!
> You wrote on Wed, 26 Dec 2007 03:40:05 +0100:
>
> A> Adobe PDF would be useable but it does require that a digital
> A> signature be applied manually. This is problematic for the User
> base, A> an automated solution must be sought.
> ??>> ??>> I am wondering if the best approach would be to find an
> ??>> existing, open source, with code and write the automating
> functions
>
> Don't know about automation, but if you can do some coding, you can
> check PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be
> used to apply the signature and it doesn't require Acrobat. You can
> also use Acrobat SDK, but you would need to have Acrobat installed on
> the system where you do signing. PDFBlackbox is more practical from
> this point of view.
>
> With best regards,
> Eugene Mayevski



Another possible commercial solution is Aloaha:

http://www.aloaha.com/wi-software-en/

Regards,

Ari 12-29-2007 03:00 PM

Re: Discussion Regarding Digital Signatures
 
On Thu, 27 Dec 2007 11:53:42 +0200, Eugene Mayevski wrote:

> Hello!
> You wrote on Wed, 26 Dec 2007 03:40:05 +0100:
>
> A> Adobe PDF would be useable but it does require that a digital
> A> signature be applied manually. This is problematic for the User base,
> A> an automated solution must be sought.
> ??>> ??>> I am wondering if the best approach would be to find an
> ??>> existing, open source, with code and write the automating functions
>
> Don't know about automation, but if you can do some coding, you can check
> PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be used to
> apply the signature and it doesn't require Acrobat. You can also use Acrobat
> SDK, but you would need to have Acrobat installed on the system where you do
> signing. PDFBlackbox is more practical from this point of view.
>
> With best regards,
> Eugene Mayevski


Thanks Eugene, this looks like a solid alternative. By automatic, I meant
"without user intervention" as in selecting a particular checkbox
("approved" for instance) the having the software either recognize that
action, insert the signature (wherever appropriate) or we call to the app
to do so.

Btw, Here is something I don't necessarily;y agree, it says "Timestamping
is the vital part of the signing process, which certifies the moment, when
the signature is made. With PDFBlackbox you can apply the timestamp when
you sign the document..."

I suppose they assume that the user has been authenticated (identity) which
leads me to think why the signatory process couldn't be tied to the
verification process. hmmm....

Ari 12-29-2007 03:20 PM

Re: Discussion Regarding Digital Signatures
 
On 27 Dec 2007 17:54:37 GMT, nemo_outis wrote:

>> Don't know about automation, but if you can do some coding, you can
>> check PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be
>> used to apply the signature and it doesn't require Acrobat. You can
>> also use Acrobat SDK, but you would need to have Acrobat installed on
>> the system where you do signing. PDFBlackbox is more practical from
>> this point of view.
>>
>> With best regards,
>> Eugene Mayevski

>
> Another possible commercial solution is Aloaha:
>
> http://www.aloaha.com/wi-software-en/
>
> Regards,


nemo you woof - woof dog you, thanks for the contribute! Solid looking
stuff. Of course, the Customer has a new requirement (wtf do we have
Statements Of Work and Descriptions and Specs for, eh?)

A hand written look-a-like signature in a particular signatory block.

Found this

www.xyzmo.com

Whattya think?

Eugene Mayevski 12-29-2007 05:22 PM

Re: Discussion Regarding Digital Signatures
 
Hello!
You wrote on Sat, 29 Dec 2007 10:00:27 -0500:

A> I suppose they assume that the user has been authenticated (identity)
A> which leads me to think why the signatory process couldn't be tied to
A> the verification process. hmmm....

I am not sure that I understand your point/question. The problem with
absense of timestamping is that when the signature is verified several years
later, the certificate, used to sign the document, will most likely be
expired. If there's no timestamp, the validator will alert the user that the
certificate has expired. If the certificate is revoked and this is
discovered by the validator, the validator will complain about this too.

Timestamping lets the validator check when the timestamp was made and not to
alert the user about the expired certificate. If the certificate was
revoked, the validator will compare the revocation moment with the timestamp
and will have a chance to figure out whether the signature was made with a
valid or revoked certificate.

Timestamping authority timestamps the signature (to be precise, the hash of
some data), it doesn't care about what was used to produce the hash.

With best regards,
Eugene Mayevski


Eugene Mayevski 12-29-2007 05:23 PM

Re: Discussion Regarding Digital Signatures
 
Hello!
You wrote on Sat, 29 Dec 2007 10:20:03 -0500:

A> stuff. Of course, the Customer has a new requirement (wtf do we have
A> Statements Of Work and Descriptions and Specs for, eh?)
A> A hand written look-a-like signature in a particular signatory block.

Did you check how the Acrobat behaves? You can put the signature image
there. This is how I sign the invoices - I use both the signature image for
printing and the digital signature to prove the authenticity of the
signature image and of the document.

With PDFBlackbox you can do this too. In fact you can customize the
signature appearance in any way you like.

With best regards,
Eugene Mayevski



All times are GMT. The time now is 08:36 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.