26.01.2012 Khanh Phan Duy - 240474 Introduction What means “sign a digital document”? Why do we need a digital signature? What can we do with Digital Signature? How Digital Signatures Works Step by step Criteria to ensure assurances Difference between sign and encryption How It Works (What behind the software) How to sign a digital document – example with CoSign How to tell if a digital signature is trustworthy What we should do when facing a problem with a signature 1 26.01.2012 • Digital signature • String of ones and zeroes generated by using a digital signature algorithm • Serve the purpose of validation and authenticate digital information – such as documents, e-mail messages, and macros. • Mechanism routine using digital signature into a electronic document, send it then verify we call “sign a digital document” • Organizations need: • Minimize operation cost. • Provide enhanced services • Affect of paper authority into the business workflow • increases organization costs • requires additional time • prohibits organization from realizing the true benefits of a fully electronic workflow 2 26.01.2012 • “Digital signatures enable the replacement of slow and expensive paper-based approval processes with fast, low-cost, and fully digital ones.” • Establish there following assurances: • Authenticity: • The digital signature helps to assure that the signer is who he or she claims to be • Integrity • The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed • Non-repudiation • The digital signature helps to prove to all parties the origin of the signed content. 3 26.01.2012 • Valid document with signature that satisfies some following criteria: • The digital signature must be valid • The certificate associated with the digital signature is current (not expired) • The signing person or organization, known as the publisher, is trusted. • The certificate associated with the digital signature is issued to the signing publisher by a reputable certificate authority (CA) 4 26.01.2012 When encrypting Susan use Bob’s public key to write message and Bob use his private key to read it. 5 26.01.2012 When signing, we use our private key to write message's signature, and they use our public key to check if it's really us. • Step 1: Getting a Private and Public Key 6 es the validation ss 26.01.2012 Step2: Signing an Electronic Document 1. Initiate the signing process 2. Create a digital signature pts Sean's signature pare Sean’s document print with her ated one 3. Append the signature to the document After installed, simply right click on document we want to sign -> choose Sign with CoSign To add a digital signature, click Sign 7 26.01.2012 Drag the signature field to the desired location We might need to input username and password, which we got through registaration process. Choose signature and simply click Sign Check Digital Signature Details dialog box The date for the time stamp CHECKING FOR THE RED X 8 26.01.2012 • Depend on upon situation we can do anything following: • • • • Contact to the source of the signed document. Contact to IT administrator in charge of security in organization. Save document in to Trust Location to better access. Explicitly trust the publisher. 9 26.01.2012 • • • • • http://www.youdzone.com/signature.html http://www.arx.com/digital-signature/how-it-works http://www.arx.com/digital-signature http://searchsecurity.techtarget.com/definition/digital-signature http://www.cse.unr.edu/~bebis/CS477/Papers/DigitalSignatures.pd f • http://office.microsoft.com/en-us/excel-help/how-to-tell-if-a-digitalsignature-is-trustworthyHA001230875.aspx?CTT=5&origin=HA010099768 • http://office.microsoft.com/en-us/excel-help/get-or-create-yourown-digital-signatureHA010099764.aspx?CTT=5&origin=HA010099768#BMcreateid Access 24/01/2012 10