Hello, I am clear on the process of signing a document. You need a certificate made by a CA. You have a public and a private key. With the private key you sign, and with the public key people open your signed document. When you sign a document, a math algorithm processes the file and generates a hash; later this hash is encrypted with the private key. Finally I need to add (concat) this encrypted hash to the document.

Now, to open this document I need to separate the encrypted hash from the document. And I need the public key to verify the validity of the document. This is very clear to me.

So, the question is: where do people get the public key from? And how do I check who signed the document?

Do I need to append my certificate to the document that I want to sign? If that's true, isn't it insecure to give my certificate to everyone?

Thanks,

A: 

What you are asking about is a public-private key cryptosystem. In RSA (one particular such system), the "public" and "private" keys are actually just two numbers that are prime factors of a larger number. Due to how modular exponentiation works (I'm not going to explain the math), the effect is that:

  • Anything encrypted with the "public" key can be decrypted with the "private" key
  • Anything encrypted with the "private" key can be decrypted with the "public" key

It works both ways. Now, after generating the pair, you keep one of them. That's the "private" one. To the other half, you add some identity information. In the case of X.509 (one particular certificate format), you add a "common name" and some auxiliary information like a date of creation. This is added to the "public" half of the certificate. This half of the certificate, the public key, you distribute somehow.

In the case of document signing, the distribution method is usually that you attach the public key. "Who signed the document" is answered by the X.509 certificate "common name" field. This will look something like "cn=Joe Blow, o=Widgets Inc, l=Washington, st=DC, c=US". You aren't giving the "certificate" to everyone - just the public portion. All that lets people do is:

  • Verify your signatures
  • Encrypt messages in such a way that only you can decrypt them

This doesn't let people forge messages so that they appear to be from you.

Borealid
In the last paragraph you say that people can verify my signatures. Verifying has a big scope. I can verify the document signature, that's clear. But can I verify that the certificate with which person X signed a file isn't revoked, using the public portion of the certificate that I attached to the file? Is it possible? Put another way: is there any standard for attaching this public portion of the certificate and the signature to files? I mean, in a PDF, where do I have to put this information? In a doc? In a docx? Do you know of a framework in Java that implements these requirements?
oracleruiz
@oracleruiz: Non-revocation is handled in real-time via OCSP, a protocol where the recipient contacts a server and checks if the cert is revoked. It's also handled in a delayed fashion by CRLDPs, which distribute a list of revoked certificates which is downloaded by the client. Both the CRLDPs and OCSP servers may be specified in the certificate. There is no one-size-fits-all standard for attaching keys to documents. It depends on the document type. I don't know about how the particular docs implement it.
Borealid
A: 

The hash is not "concatenated" to the document. Various data signing standards (PKCS#7, CAdES for generic data, XMLDSig for XML, PDF specification for PDF documents) describe different ways to incorporate signature data into the output file. All of these formats allow you to include the public key (usually an X.509 certificate) together with the data for verification. The goal of the verifier is also to check whether the key itself is valid. Alternatively, the user might be supposed to know the public key.

Eugene Mayevski 'EldoS Corp
Thanks. Do you know of some API or framework that implements these standards in Java?
oracleruiz
iText can be used for PDF signing. There exist some solutions for XMLDSig and PKCS#7 (you can find them in Google). As for CAdES - I have no information but I think something must be available. We are going to port our SecureBlackbox product to Java, but this will happen only in 8-10 months.
Eugene Mayevski 'EldoS Corp
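
The flow both answers describe, a PKCS#7 signature that carries the signer's certificate so the verifier gets the public key and the signer's name from the signature itself, shown as an added example that is not part of the original answers. It assumes the `openssl` command-line tool is installed; the file names and the throwaway self-signed certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example: all file names and the self-signed certificate are constructed.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Signer: a key pair plus a certificate that binds the public key to a name.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/ST=DC/L=Washington/O=Widgets Inc/CN=Joe Blow" \
        -keyout "$work/signer.key" -out "$work/signer.crt" 2>/dev/null
}

# Sign: writes a detached PKCS#7 file holding the signature and the signer's
# certificate (public key + identity). The private key never leaves $work.
sign_doc() {    # $1 = document, $2 = signature file to create
    openssl smime -sign -binary -md sha256 -in "$1" \
        -signer "$work/signer.crt" -inkey "$work/signer.key" \
        -outform DER -out "$2" 2>/dev/null
}

# Verify: uses only the document and the signature file. On success the
# embedded signer certificate is saved to $3 and its subject is printed.
# -noverify skips chain validation because the demo certificate is
# self-signed; a real verifier trusts a CA (-CAfile) and checks revocation.
verify_doc() {  # $1 = document, $2 = signature file, $3 = cert output
    openssl smime -verify -noverify -binary -inform DER -in "$2" \
        -content "$1" -signer "$3" -out /dev/null 2>/dev/null || return 1
    openssl x509 -in "$3" -noout -subject -nameopt RFC2253
}

demo() {
    make_signer
    printf 'Pay Joe 100 EUR\n' > "$work/contract.txt"
    sign_doc "$work/contract.txt" "$work/contract.p7s"
    echo "signed by: $(verify_doc "$work/contract.txt" "$work/contract.p7s" "$work/seen.crt")"
    printf 'Pay Joe 900 EUR\n' > "$work/contract.txt"   # tamper after signing
    if verify_doc "$work/contract.txt" "$work/contract.p7s" "$work/seen.crt"; then
        echo "unexpected: altered document accepted"
    else
        echo "altered document rejected"
    fi
}
demo
```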