You are not logged in.

#1 2013-12-19 06:38:25

Llama
Member
From: St.-Petersburg, Russia
Registered: 2008-03-03
Posts: 1,309

Digital signatures in real life

Hi,

I've been trying to grok the concept for a while, not without a modicum of success. Yet the big picture escapes me. I'm interested primarily in electronic document workflow as a substitute for classic paper document workflow. There must be software frameworks serving the concept, protocols of higher level than gpg, industry standards - something like that. Links and keywords are extremely welcome. It's hard to start googling effectively without a keyword or two.

Offline

#2 2013-12-19 07:15:54

Diaz
Member
From: Lisbon, Portugal
Registered: 2008-04-16
Posts: 361
Website

Re: Digital signatures in real life

Maybe how citizenship smartcards work and are used in real life is of interest? Belgium eletronic identity cards and Portuguese citizenship cards support that.

The involved standarts are something like pkcs11, pkcs10, etc. If you understand the way private and public assimetric keys work you will understand the process at high level. From there it's all details on how to actually sign something how to and where get and store the keys, etc.

For example, the portuguese card has 2 pairs of private / public keys. One of them for authenticity purposes and the other pair for signing. It also contains the certificates that form the chain of trust and allow to verify the keys are still valid.

Having a smartcard reader and obviously one of those cards you can just plug it in the laptop, create a document, like a pdf file or even a word file in the office and choose to sign it. Now for example if you sign a pdf file, the person that receives it can just open and it magically says if the signature is valid or not. It does this by magic also tongue.

Ok, not everything is magic. When you sign the document in the process yoru certificate file that contains your public key is attached to it, then when the document is opened it will check the cryptographic signature of the file. Aditional verifications will be done for example in adobe reader, like checking the signature timestamp with an online service and also checking the certificates chain of trust.

But i'm kind sleppy and may be saying something stupid. Someone else can correct me and add more information tongue

Last edited by Diaz (2013-12-19 07:28:06)


Owner of Asus 1215B :: User of Xfce :: Vasco Dias @blog

Offline

#3 2013-12-19 07:44:12

/dev/zero
Member
From: Melbourne, Australia
Registered: 2011-10-20
Posts: 1,176
Website

Re: Digital signatures in real life

Llama wrote:

keywords are extremely welcome.

What about buzzwords?

Or maybe you could define these terms such as "workflows" and "frameworks". You're not going to get anywhere without a KISS statement of the problem and what a solution might look like and why you think gpg is so problematic. Not everyone here is from middle management.


Linux is NOT Windows | The Rootless Root
Toshiba Satellite i5-3230M 2.6GHz CPUs, 4Gb RAM, ArchLinux, wmii, nVidia GeForce GT 740M.

Offline

Board footer

Powered by FluxBB