Discussion Regarding Digital Signatures

 
 
Ari
      08-01-2007
There are many digital signature products on the market but they appear
to be overkill for a project I have due very soon. The project requires
that a digital signature be applied to an authorization of an e-form
(Request by a non commissioned officer) by his superior or superiors.

By "digital signature", the requirements are:

1) that a physical "mark" appear and
2) that the digital signature protects the document from tampering
(invalidates it if tampered with will do)

When the Request is printed, that mark should also appear.

Adobe PDF would be useable but it does require that a digital signature
be applied manually. This is problematic for the User base, an automated
solution must be sought.

I am wondering if the best approach would be to find an existing, open
source, with code and write the automating functions ourselves.

Comments are appreciated.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
 
Jim Watt
      08-01-2007
On Wed, 1 Aug 2007 13:12:40 -0400, Ari <(E-Mail Removed)>
wrote:

>There are many digital signature products on the market but they appear
>to be overkill for a project I have due very soon. The project requires
>that a digital signature be applied to an authorization of an e-form
>(Request by a non commissioned officer) by his superior or superiors.
>
>By "digital signature", the requirements are:
>
>1) that a physical "mark" appear and
>2) that the digital signature protects the document from tampering
>(invalidates it if tampered with will do)
>
>When the Request is printed, that mark should also appear.
>
>Adobe PDF would be useable but it does require that a digital signature
>be applied manually. This is problematic for the User base, an automated
>solution must be sought.
>
>I am wondering if the best approach would be to find an existing, open
>source, with code and write the automating functions ourselves.
>
>Comments are appreciated.


PGP provides a mechanism for signing documents, however if you are
looking at an 'automatic' method of signing documents, that's rather the
same as using a rubber stamp as a conventional signature.

i.e. without the necessary personal intervention and trust.
--
Jim Watt
http://www.gibnet.com
 
Luca T.
      12-26-2007
Ari wrote:
> There are many digital signature products on the market but they appear
> to be overkill for a project I have due very soon. The project requires
> that a digital signature be applied to an authorization of an e-form
> (Request by a non commissioned officer) by his superior or superiors.
>
> By "digital signature", the requirements are:
>
> 1) that a physical "mark" appear and
> 2) that the digital signature protects the document from tampering
> (invalidates it if tampered with will do)
>
> When the Request is printed, that mark should also appear.
>
> Adobe PDF would be useable but it does require that a digital signature
> be applied manually. This is problematic for the User base, an automated
> solution must be sought.
>
> I am wondering if the best approach would be to find an existing, open
> source, with code and write the automating functions ourselves.
>
> Comments are appreciated.


Begin here:
http://sourceforge.net/project/showf...kage_id=188602

Bye,
Luca
 
Ari
      12-27-2007
On Wed, 26 Dec 2007 03:40:05 +0100, Luca T. wrote:

> Ari wrote:
>> There are many digital signature products on the market but they appear
>> to be overkill for a project I have due very soon. The project requires
>> that a digital signature be applied to an authorization of an e-form
>> (Request by a non commissioned officer) by his superior or superiors.
>>
>> By "digital signature", the requirements are:
>>
>> 1) that a physical "mark" appear and
>> 2) that the digital signature protects the document from tampering
>> (invalidates it if tampered with will do)
>>
>> When the Request is printed, that mark should also appear.
>>
>> Adobe PDF would be useable but it does require that a digital signature
>> be applied manually. This is problematic for the User base, an automated
>> solution must be sought.
>>
>> I am wondering if the best approach would be to find an existing, open
>> source, with code and write the automating functions ourselves.
>>
>> Comments are appreciated.

>
> Begin here:
> http://sourceforge.net/project/showf...kage_id=188602
>
> Bye,
> Luca


Focus on Italian CAs?
 
Eugene Mayevski
      12-27-2007
Hello!
You wrote on Wed, 26 Dec 2007 03:40:05 +0100:

A> Adobe PDF would be useable but it does require that a digital
A> signature be applied manually. This is problematic for the User base,
A> an automated solution must be sought.
??>> I am wondering if the best approach would be to find an
??>> existing, open source, with code and write the automating functions

Don't know about automation, but if you can do some coding, you can check
PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be used to
apply the signature and it doesn't require Acrobat. You can also use Acrobat
SDK, but you would need to have Acrobat installed on the system where you do
signing. PDFBlackbox is more practical from this point of view.

With best regards,
Eugene Mayevski

 
nemo_outis
      12-27-2007
"Eugene Mayevski" <(E-Mail Removed)> wrote in
news:fkvsn8$1ao9$(E-Mail Removed):

> Hello!
> You wrote on Wed, 26 Dec 2007 03:40:05 +0100:
>
> A> Adobe PDF would be useable but it does require that a digital
> A> signature be applied manually. This is problematic for the User base,
> A> an automated solution must be sought.
> ??>> I am wondering if the best approach would be to find an
> ??>> existing, open source, with code and write the automating functions
>
> Don't know about automation, but if you can do some coding, you can
> check PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be
> used to apply the signature and it doesn't require Acrobat. You can
> also use Acrobat SDK, but you would need to have Acrobat installed on
> the system where you do signing. PDFBlackbox is more practical from
> this point of view.
>
> With best regards,
> Eugene Mayevski



Another possible commercial solution is Aloaha:

http://www.aloaha.com/wi-software-en/

Regards,
 
Ari
      12-29-2007
On Thu, 27 Dec 2007 11:53:42 +0200, Eugene Mayevski wrote:

> Hello!
> You wrote on Wed, 26 Dec 2007 03:40:05 +0100:
>
> A> Adobe PDF would be useable but it does require that a digital
> A> signature be applied manually. This is problematic for the User base,
> A> an automated solution must be sought.
> ??>> I am wondering if the best approach would be to find an
> ??>> existing, open source, with code and write the automating functions
>
> Don't know about automation, but if you can do some coding, you can check
> PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be used to
> apply the signature and it doesn't require Acrobat. You can also use Acrobat
> SDK, but you would need to have Acrobat installed on the system where you do
> signing. PDFBlackbox is more practical from this point of view.
>
> With best regards,
> Eugene Mayevski


Thanks Eugene, this looks like a solid alternative. By automatic, I meant
"without user intervention" as in selecting a particular checkbox
("approved" for instance) then having the software either recognize that
action, insert the signature (wherever appropriate) or we call to the app
to do so.

Btw, here is something I don't necessarily agree with, it says "Timestamping
is the vital part of the signing process, which certifies the moment, when
the signature is made. With PDFBlackbox you can apply the timestamp when
you sign the document..."

I suppose they assume that the user has been authenticated (identity) which
leads me to think why the signatory process couldn't be tied to the
verification process. hmmm....
 
Ari
      12-29-2007
On 27 Dec 2007 17:54:37 GMT, nemo_outis wrote:

>> Don't know about automation, but if you can do some coding, you can
>> check PDFBlackbox ( http://www.eldos.com/sbb/desc-pdf.php ), it can be
>> used to apply the signature and it doesn't require Acrobat. You can
>> also use Acrobat SDK, but you would need to have Acrobat installed on
>> the system where you do signing. PDFBlackbox is more practical from
>> this point of view.
>>
>> With best regards,
>> Eugene Mayevski

>
> Another possible commercial solution is Aloaha:
>
> http://www.aloaha.com/wi-software-en/
>
> Regards,


nemo you woof - woof dog you, thanks for the contribute! Solid looking
stuff. Of course, the Customer has a new requirement (wtf do we have
Statements Of Work and Descriptions and Specs for, eh?)

A hand written look-a-like signature in a particular signatory block.

Found this

www.xyzmo.com

Whattya think?
 
Eugene Mayevski
      12-29-2007
Hello!
You wrote on Sat, 29 Dec 2007 10:00:27 -0500:

A> I suppose they assume that the user has been authenticated (identity)
A> which leads me to think why the signatory process couldn't be tied to
A> the verification process. hmmm....

I am not sure that I understand your point/question. The problem with
absence of timestamping is that when the signature is verified several years
later, the certificate, used to sign the document, will most likely be
expired. If there's no timestamp, the validator will alert the user that the
certificate has expired. If the certificate is revoked and this is
discovered by the validator, the validator will complain about this too.

Timestamping lets the validator check when the timestamp was made and not to
alert the user about the expired certificate. If the certificate was
revoked, the validator will compare the revocation moment with the timestamp
and will have a chance to figure out whether the signature was made with a
valid or revoked certificate.

Timestamping authority timestamps the signature (to be precise, the hash of
some data), it doesn't care about what was used to produce the hash.

With best regards,
Eugene Mayevski
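
The validator behaviour described in the post above, as an added example that is not part of the original thread or of any product mentioned in it: a simplified decision function showing how a trusted timestamp changes the verdict for an expired or later-revoked certificate. The class names, verdict strings and sample dates are assumptions, and the cryptographic checks of the document signature and of the TSA's token are assumed to have been done already.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class SignerCert:                      # simplified stand-in for an X.509 certificate
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # revocation moment from CRL/OCSP, if any

@dataclass
class TimestampToken:                  # simplified stand-in for a TSA token
    imprint: bytes                     # the hash the TSA was given to timestamp
    time: datetime                     # the moment the TSA asserts

def evaluate(cert, signature, now, token=None):
    """Return (verdict, reason). Assumes the document signature and the TSA's
    own signature on the token have already been verified cryptographically."""
    when, source = now, "verification time"
    if token is not None:
        # The TSA saw only a hash, so the token must match this exact signature.
        if token.imprint != hashlib.sha256(signature).digest():
            return "INVALID", "timestamp does not cover this signature"
        when, source = token.time, "timestamp"
    if cert.revoked_at is not None:
        if token is None:
            return "REVOKED", "certificate revoked and signing time is unproven"
        if when >= cert.revoked_at:
            return "REVOKED", "timestamp is not earlier than the revocation"
    if when < cert.not_before:
        return "NOT_YET_VALID", f"certificate not yet valid at {source}"
    if when > cert.not_after:
        return "EXPIRED", f"certificate expired at {source}"
    return "VALID", f"certificate was valid at {source}"

# Constructed sample data: a certificate valid for 2007-2008, checked in 2012.
SIG = b"constructed-signature-bytes"
CERT = SignerCert(datetime(2007, 1, 1), datetime(2008, 12, 31))
TOKEN = TimestampToken(hashlib.sha256(SIG).digest(), datetime(2007, 12, 29))
NOW = datetime(2012, 6, 1)

if __name__ == "__main__":
    revoked = SignerCert(CERT.not_before, CERT.not_after, revoked_at=datetime(2008, 3, 1))
    print(evaluate(CERT, SIG, NOW))               # no timestamp: EXPIRED
    print(evaluate(CERT, SIG, NOW, TOKEN))        # timestamped: VALID
    print(evaluate(revoked, SIG, NOW, TOKEN))     # revoked after signing: VALID
    print(evaluate(revoked, SIG, NOW))            # revoked, no timestamp: REVOKED
```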

 
Eugene Mayevski
      12-29-2007
Hello!
You wrote on Sat, 29 Dec 2007 10:20:03 -0500:

A> stuff. Of course, the Customer has a new requirement (wtf do we have
A> Statements Of Work and Descriptions and Specs for, eh?)
A> A hand written look-a-like signature in a particular signatory block.

Did you check how the Acrobat behaves? You can put the signature image
there. This is how I sign the invoices - I use both the signature image for
printing and the digital signature to prove the authenticity of the
signature image and of the document.

With PDFBlackbox you can do this too. In fact you can customize the
signature appearance in any way you like.

With best regards,
Eugene Mayevski

 