Digital signatures in real life


I've been trying to grok the concept for a while, not without a modicum of success. Yet the big picture escapes me. I'm interested primarily in electronic document workflow as a substitute for classic paper document workflow. There must be software frameworks serving the concept, protocols of higher level than gpg, industry standards - something like that. Links and keywords are extremely welcome. It's hard to start googling effectively without a keyword or two.


Digital signatures in real life

Maybe how citizenship smartcards work and are used in real life is of interest? Belgian electronic identity cards and Portuguese citizenship cards support that.

The involved standards are something like pkcs11, pkcs10, etc. If you understand the way private and public asymmetric keys work you will understand the process at a high level. From there it's all details on how to actually sign something, how and where to get and store the keys, etc.

For example, the Portuguese card has 2 pairs of private / public keys. One of them is for authenticity purposes and the other pair is for signing. It also contains the certificates that form the chain of trust and allow verifying that the keys are still valid.

Having a smartcard reader and, obviously, one of those cards, you can just plug it into the laptop, create a document, like a PDF file or even a Word file in the office, and choose to sign it. Now, for example, if you sign a PDF file, the person who receives it can just open it and it magically says whether the signature is valid or not. It does this by magic also.

Ok, not everything is magic. When you sign the document, your certificate file, which contains your public key, is attached to it in the process; then when the document is opened it will check the cryptographic signature of the file. Additional verifications will be done, for example in Adobe Reader, like checking the signature timestamp with an online service and also checking the certificate chain of trust.

But I'm kind of sleepy and may be saying something stupid. Someone else can correct me and add more information.
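
The flow described in the post above (certificate attached to the signed document, signature checked on open, then the chain of trust checked), as an added example that is not part of the original post. It assumes textbook RSA over fixed Mersenne primes with no padding, which is insecure and only for illustration; all names and keys are constructed, and timestamp and revocation checks are omitted.

```python
import hashlib

E = 65537  # public exponent shared by all constructed keys

def keypair(p, q):
    """Textbook RSA key from two primes: returns (public modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # Simplification: SHA-256 reduced mod n instead of a real padding scheme.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def check(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def cert_body(subject, n):
    return f"{subject}|{n}".encode()

def issue_cert(subject, subject_n, ca_n, ca_d):
    """The CA binds a name to a public key by signing both with its own key."""
    sig = sign(cert_body(subject, subject_n), ca_n, ca_d)
    return {"subject": subject, "n": subject_n, "ca_sig": sig}

def sign_document(doc, cert, d):
    """The signer's certificate travels with the document and its signature."""
    return {"doc": doc, "cert": cert, "sig": sign(doc, cert["n"], d)}

def verify_document(signed, trusted_root_n):
    cert = signed["cert"]
    # Step 1: does the signature match the document under the attached key?
    if not check(signed["doc"], signed["sig"], cert["n"]):
        return "document signature invalid"
    # Step 2: was the attached key certified by a root the verifier trusts?
    if not check(cert_body(cert["subject"], cert["n"]), cert["ca_sig"], trusted_root_n):
        return "certificate not issued by a trusted root"
    return "valid"

# Constructed keys: a root CA and a card holder (private key stays on the card).
ROOT_N, ROOT_D = keypair(2**127 - 1, 2**89 - 1)
USER_N, USER_D = keypair(2**107 - 1, 2**61 - 1)
CERT = issue_cert("Alice Example", USER_N, ROOT_N, ROOT_D)
SIGNED = sign_document(b"I agree to the contract.", CERT, USER_D)

if __name__ == "__main__":
    print(verify_document(SIGNED, ROOT_N))
```

The second check is what makes the attached certificate meaningful: a document signed with a self-made key and a self-issued certificate passes step 1 but fails step 2.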

Digital signatures in real life

Llama wrote:

keywords are extremely welcome.

What about buzzwords?

Or maybe you could define these terms such as "workflows" and "frameworks". You're not going to get anywhere without a KISS statement of the problem and what a solution might look like and why you think gpg is so problematic. Not everyone here is from middle management.

