PAdES signatures in itext and the road ahead. Paulo Soares
|
|
- April Miles
- 8 years ago
- Views:
Transcription
1 PAdES signatures in itext and the road ahead Paulo Soares
2 About the speaker Paulo Soares M.Sc. Electronics and Telecomunications Hardware background in military comunication systems Works for Healthcare software (pharmacies, hospitals, clinics, laboratories) Industrial control, automation Software architect itext co-developer since itext Summit 2
3 Some acronyms OSI - Open Systems Interconnection ASN.1 - Abstract Syntax Notation One BER - Basic Encoding Rules DER - Distinguished Encoding Rules IETF - Internet Engineering Task Force RFC Request For Comments CMS Cryptographic Message Syntax CAdES - CMS Advanced Electronic Signatures PAdES - PDF Advanced Electronic Signature Profiles itext Summit 3
4 What is PAdES In July 2009, ETSI (European Telecommunications Standard Institute) has published a new standard that will facilitate secure paperless transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES Advanced Electronic Signatures for PDF documents that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC). The new standard was developed by ETSI's Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in a standard ISO , so the ETSI activity included reviewing and documenting how ISO can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) , also introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements itext Summit 4
5 PAdES summary Part 1: "PAdES Overview - a framework document for PAdES"; Part 2: "PAdES Basic - Profile based on ISO "; Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles"; Part 4: "PAdES Long Term - PAdES-LTV Profile"; Part 5: "PAdES for XML Content - Profiles for XAdES signatures" itext Summit 5
6 PAdES Part 1 Provides a general description of support for signatures in PDF documents including use of XML signatures to protect XML data in PDF documents; Lists the features of the PDF profiles specified in other parts of the document; Describes how the profiles may be used in combination itext Summit 6
7 PAdES Part 2 Profiles the use of PDF signatures, as described in ISO and based on CMS, for its use in any application areas where PDF is the appropriate technology for exchange of digital documents including interactive forms itext Summit 7
8 PAdES Part 2 SubFilter value adbe.pkcs7.detached adbe.pkcs7.sha1 adbe.x509.rsa.sha1a Message Digest SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7) SHA1 (PDF 1.3)b SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7) RSA Algorithm Support Up to 1024-bit (PDF 1.3) Up to 2048-bit (PDF 1.5) Up to 4096-bit (PDF 1.5) See adbe.pkcs7.detached See adbe.pkcs7.detached DSA Algorithm Support Up to 4096-bits (PDF 1.6) See adbe.pkcs7.detached No a Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm shall be used. b Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed itext Summit 8
9 PAdES Part 3 Profiles the use of PDF Signatures specified in ISO with an alternative signature encoding to support signature formats equivalent to the signature forms CAdES-BES, CAdES-EPES and CAdES-T as Specified in TS The PAdES-BES profile supports basic CMS (RFC 3852) signature features as specified TS with the additional protection against signing certificate substitution. The PAdES-EPES profile extends the PAdES-BES profile to include signature policies itext Summit 9
10 PAdES Part 4 Profiles the electronic signature formats found in ISO [1] to support Long Term Validation (LTV) of PDF Signatures Specifies how to include validation information in a PDF Document and to further protect the document using time-stamps so that it is possible to subsequently verify a PDF Signature long after it was signed. This profile may be used to support long term validation of: PDF Signatures to profiles specified in TS PDF Signatures to profiles specified in TS PDF Signatures to profiles specified in TS itext Summit 10
11 PAdES Part itext Summit 11
12 PAdES Part 5 Defines four profiles that together profile the usage of XAdES signatures, as defined in TS , for signing XML content within the PDF containers itext Summit 12
13 PAdES support in itext Full support of PAdES Part 2 Support of PAdES Part 3 with an external signature Full support of PAdES Part 4 No support of PAdES Part itext Summit 13
14 PAdES Part 2 in itext Direct support of adbe.x509.rsa.sha1 Direct support of adbe.pkcs7.sha1 Support of adbe.pkcs7.detached as an external signature but itext does the signing itext Summit 14
15 adbe.x509.rsa.sha1 signing KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream("my_private_key.pfx"), "my_password".tochararray()); String alias = (String)ks.aliases().nextElement(); PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".tochararray()); Certificate[] chain = ks.getcertificatechain(alias); PdfReader reader = new PdfReader("original.pdf"); FileOutputStream fout = new FileOutputStream("signed.pdf"); PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED); sap.setreason("i'm the author"); sap.setlocation("lisbon"); sap.setvisiblesignature(new Rectangle(100, 100, 200, 200), 1, null); stp.close(); itext Summit 15
16 adbe.pkcs7.sha1 signing KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(new FileInputStream("my_private_key.pfx"), "my_password".tochararray()); String alias = (String)ks.aliases().nextElement(); PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".tochararray()); Certificate[] chain = ks.getcertificatechain(alias); PdfReader reader = new PdfReader("original.pdf"); FileOutputStream fout = new FileOutputStream("signed.pdf"); PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED); sap.setreason("i'm the author"); sap.setlocation("lisbon"); sap.setvisiblesignature(new Rectangle(100, 100, 200, 200), 1, null); stp.close(); itext Summit 16
17 adbe.pkcs7.detached signing PdfSignatureAppearance sap = stp.getsignatureappearance(); sap.setcrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED); PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached")); dic.setdate(new PdfDate(sap.getSignDate())); sap.setcryptodictionary(dic); HashMap<PdfName,Integer> exc = new HashMap<PdfName,Integer>(); exc.put(pdfname.contents, new Integer(contentEstimated * 2 + 2)); sap.preclose(exc); PdfPKCS7 sgn = new PdfPKCS7(pk, chain, null, "SHA1", null, false); InputStream data = sap.getrangestream(); MessageDigest messagedigest = MessageDigest.getInstance("SHA1"); byte buf[] = new byte[8192]; int n; while ((n = data.read(buf)) > 0) messagedigest.update(buf, 0, n); byte hash[] = messagedigest.digest(); Calendar cal = Calendar.getInstance(); TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW); byte[] ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getencoded(); byte sh[] = sgn.getauthenticatedattributebytes(hash, cal, ocsp); sgn.update(sh, 0, sh.length); byte[] encodedsig = sgn.getencodedpkcs7(hash, cal, tsc, ocsp); byte[] paddedsig = new byte[contentestimated]; System.arraycopy(encodedSig, 0, paddedsig, 0, encodedsig.length); PdfDictionary dic2 = new PdfDictionary(); dic2.put(pdfname.contents, new PdfString(paddedSig).setHexWriting(true)); sap.close(dic2); itext Summit 17
18 PAdES Part 3 in itext No direct support but possible to use an external signature itext currently has no capabilities to assist in the signing itext Summit 18
19 PAdES Part 4 in itext Full LTV support both in Document security Store and Timestamp itext Summit 19
20 PAdES Part 4 in itext PdfReader r = new PdfReader(IN_FILE); FileOutputStream fout = new FileOutputStream(OUT_FILE); PdfStamper stp = PdfStamper.createSignature(r, fout, '\0', null, true); LtvVerification v = stp.getltvverification(); AcroFields af = stp.getacrofields(); for (String signame : af.getsignaturenames()) { v.addverification(signame, new OcspClientBouncyCastle(), new CrlClientImp(), LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO); } PdfSignatureAppearance sap = stp.getsignatureappearance(); TSAClientBouncyCastle tsa = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256"); LtvTimestamp.timestamp(sap, tsa, null); itext Summit 20
21 itext sign architecture Certificate encryption Validation AcroFields.verifySignature() Signing PdfSignatureAppearance, PdfPKCS7 Open Source Modify at will itext Summit 21
22 Shortcomings of itext signing architecture Monolithic Impossible to open a certificate encrypted PDF with a smartcard with C# Impossible to plug-in another validation engine/logic Arbitrary signing is possible with an external signature but itext won t assist much in the process Open Source no urgency in providing a decent interface itext Summit 22
23 New itext signing architecture Based on the factory pattern Plug-in for certificate encryption, validation and signing Standard plug-in for detached signing and CAdES signing itext Summit 23
ETSI TS 102 778-1 V1.1.1 (2009-07) Technical Specification
TS 102 778-1 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES
More informationETSI TS 102 778-3 V1.1.2 (2009-12) Technical Specification
TS 102 778-3 V1.1.2 (2009-12) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles
More informationTechNote 0006: Digital Signatures in PDF/A-1
TechNote 0006: Digital Signatures in PDF/A-1 Digital signatures are primarily used to check the integrity of the signed part of the document. They also can be used to authenticate the signer s identity
More informationDigital Signature Service. version : 4.7-SNAPSHOT - 2016-05-09
Digital Signature Service version : 4.7-SNAPSHOT - 2016-05-09 Table of Contents Introduction............................................................................... 1 Purpose of the document..................................................................
More informationIn accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION
In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), the Minister of Telecommunications and Information Society hereby promulgates REGULATION
More informationETSI TS 102 778 V1.1.1 (2009-04) Technical Specification
TS 102 778 V1.1.1 (2009-04) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; CMS Profile based on ISO 32000-1 2 TS 102 778 V1.1.1 (2009-04)
More informationDigital Signature Service. version : 4.6.0-2016-02-22
Digital Signature Service version : 4.6.0-2016-02-22 Table of Contents Introduction................................................................................... 1 Purpose of the document.....................................................................
More informationNormas ETSI e IETF para Assinatura Digital. Ernandes Lopes Bezerra. Ernandes. 26 de dezembro de 2012
Normas ETSI e IETF para Assinatura Digital Lopes Bezerra 26 de dezembro de 2012 by 1 Acrônimos TERMO BES CAdES CMS DER DNS DN EPES ETSI HTTP IETF LCR LDAP LTV OID PAdES PDF TR TS URI URL XAdES DESCRIÇÃO
More informationETSI TS 102 778-5 V1.1.1 (2009-07) Technical Specification
TS 102 778-5 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 5: PAdES for XML Content - Profiles for XAdES signatures
More informationSpecifying the content and formal specifications of document formats for QES
NATIONAL SECURITY AUTHORITY Version 1.0 Specifying the content and formal specifications of document formats for QES 24 July 2007 No.: 3198/2007/IBEP-013 NSA Page 1/14 This English version of the Slovak
More informationDigital Signatures in a PDF
This document describes how digital signatures are represented in a PDF document and what signature-related features the PDF language supports. Adobe Reader and Acrobat have implemented all of PDF s features
More informationMultiple electronic signatures on multiple documents
Multiple electronic signatures on multiple documents Antonio Lioy and Gianluca Ramunno Politecnico di Torino Dip. di Automatica e Informatica Torino (Italy) e-mail: lioy@polito.it, ramunno@polito.it web
More informationWhite Paper. Digital signatures from the cloud Basics and Applications
White Paper Digital signatures from the cloud Basics and Applications Contents Basics of digital signature...3 Electronic documents and signature...3 Electronic signature...3 Digital signature...4 Standards
More informationETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI 2015. All rights reserved
ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance esignature Standards Framework Certificate Authority Time-stamping Signing Servers Validation
More informationETSI TS 102 778-4 V1.1.1 (2009-07) Technical Specification
TS 102 778-4 V1.1.1 (2009-07) Technical Specification Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 4: PAdES Long Term - PAdES-LTV Profile 2 TS 102 778-4
More informationRepresentation of E-documents in AIDA Project
Representation of E-documents in AIDA Project Diana Berbecaru Marius Marian Dip. di Automatica e Informatica Politecnico di Torino Corso Duca degli Abruzzi 24, 10129 Torino, Italy Abstract Initially developed
More informationElectronic Signature. István Zsolt BERTA istvan@berta.hu. Public Key Cryptographic Primi4ves
Electronic Signature István Zsolt BERTA istvan@berta.hu Public Key Cryptographic Primi4ves 1 Electronic Signatures - Contents 1. Public key cryptography primiaves 2. CerAficates, CerAficate AuthoriAes,
More informationPkBox Technical Overview. Ver. 1.0.7
PkBox Technical Overview Ver. 1.0.7 14 September 2015 All the information in this document is and can t be used entirely or in part without a written permission from Intesi Group S.p.A. Le informazioni
More information.NET Digital Signature Library User Manual
.NET Digital Signature Library User Manual Introduction The main function of.net Digital Signature Library is to digitally sign files in PDF or PKCS#7 cryptographic standard (.P7S or.p7m files) using X.509
More informationBest prac*ces in Cer*fying and Signing PDFs
over 10 years of securing identities, web sites & transactions Best prac*ces in Cer*fying and Signing PDFs Paul van Brouwershaven Business Development Director EMEA, GlobalSign @vanbroup on TwiEer INTERNATIONAL
More informationHow to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server
How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server Introduction Time stamping is an important mechanism for the long-term preservation of digital signatures, time
More informationSubmitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex
Submitted to the EC on 03/06/2012 COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex e-justice Communication via Online Data Exchange ICT PSP call identifier:
More informationCertificate Path Validation
Version 1.4 NATIONAL SECURITY AUTHORITY Version 1.4 Certificate Path Validation 19 th November 2006 No.: 1891/2006/IBEP-011 NSA Page 1/27 NATIONAL SECURITY AUTHORITY Department of Information Security
More informationDigital Signature Verification using Historic Data
Digital Signature Verification using Historic Data Digital signatures are now relatively common; however historic verification of digitally signed data is not so widely understood. As more data is held
More informationAGENDA ITEM 15-16 : ELECTRONIC SIGNATURE
SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic
More informationLong term electronic signatures or documents retention
Long term electronic s or documents retention IWAP 2004 Yuichi Suzuki SECOM IS Laboratory IWAP 2004 Yuichi Suzuki (SECOM IS Lab) 1 Problem of validity period of certificate PKI does work well in a validity
More informatione-szigno Digital Signature Application
MICROSEC Software Development Ltd. e-szigno Digital Signature Application Microsec Software Development Ltd. www.e-szigno.hu www.microsec.hu 1031 Budapest, Záhony utca 7. (+36-1) 505-4444 Cg. 01-09-078353
More information2.1 The scope of Time Stamping Protocol (TSP)
XML Security Time Stamping Protocol Axelle Apvrille Vincent Girier Storage Technology European Operations 1 Rd Point Général Eisenhower 31106 Toulouse, France Axelle Apvrille,Vincent Girier @storagetek.com
More informationCERTIFICATE REVIEW RECORD
REVIEW HUNGUARD Informatics and IT R&D and General Service Provider Ltd. as a certification authority assigned by the assignment document No. 001/2010 of the Minister of the Prime Minister s Office of
More informationExploring ADSS Server Signing Services
ADSS Server is a multi-function server providing digital signature creation and signature verification services, as well as supporting other infrastructure services including Time Stamp Authority (TSA)
More informationTECHNICAL INTEROPERABILITY STANDARD
TECHNICAL INTEROPERABILITY STANDARD For the Spanish Public Administration E-Signature and Certificate Policy GOBIERNO DE ESPAÑA MINISTERIO DE HACIENDA Y ADMINISTRACIONES PÚBLICAS SECRETARÍA DE ESTADO DE
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationTechnical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for
Technical Description DigitalSign 3.1 State of the art legally valid electronic signature The best, most secure and complete software for Adding digital signatures to any document, in conformance with
More informationCALIFORNIA SOFTWARE LABS
; Digital Signatures and PKCS#11 Smart Cards Concepts, Issues and some Programming Details CALIFORNIA SOFTWARE LABS R E A L I Z E Y O U R I D E A S California Software Labs 6800 Koll Center Parkway, Suite
More informationDigital Signature Service. e-contract.be BVBA info@e-contract.be 2 september 2015
Digital Signature Service e-contract.be BVBA info@e-contract.be 2 september 2015 About e-contract.be BVBA Consultancy Projects: eid/security related only SOA security From analysis to operational hosting
More informationPackage PKI. February 20, 2013
Package PKI February 20, 2013 Version 0.1-1 Title Public Key Infrastucture for R based on the X.509 standard Author Maintainer Depends R (>=
More informationNISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards
NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David A. Cooper NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards David
More informationFOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic
FOR A PAPERLESS FUTURE Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic PAPER IS EVERYWHERE WHY IS THAT? Please no more! Every large organization is typically large paper producer Banks, insurance,
More informationETSI TR 119 000 V0.0.3 (2014-01)
TR 119 000 V0.0.3 (2014-01) TECHNICAL REPORT Electronic Signatures and Infrastructures (ESI); Rationalised structure for Electronic Signature Standardisation COMPLETE DRAFT FOR PUBLIC REVIEW UNTIL 7 MARCH
More informationCertification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.
The X.509 standard, PKI and electronic uments Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dipartimento di Automatica e Informatica Certification Authority (4) cert repository (cert, CRL) Certification
More informationDigital Signature: Efficient, Cut Cost and Manage Risk. Formula for Strong Digital Security
Digital Signature: Efficient, Cut Cost and Manage Risk Formula for Strong Digital Security Signature Rafidah Ariffin A person s name written in a distinctive way, pattern or characteristic as a form of
More informationElectronic Documents with Signature Constraints
Electronic Documents with Signature Constraints Felipe C. Werlang 1, Ricardo F. Custódio 1, Roberto Araújo 2 1 Departamento de Informática e Estatística Universidade Federal de Santa Catarina (UFSC) Caixa
More informationEntrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December 2014. Document issue: 2.0
Entrust Certificate Services Java Code Signing User Guide Date of Issue: December 2014 Document issue: 2.0 Copyright 2009-2014 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationNEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures
NEMA Standards Publication PS 3 Supplement 1 Digital Imaging and Communications in Medicine (DICOM) Digital Signatures Status: Final Text Sep 001 Prepared by DICOM Standards Committee, Working Group 1
More informationThe Direct Project. Implementation Guide for Direct Project Trust Bundle Distribution. Version 1.0 14 March 2013
The Direct Project Implementation Guide for Direct Project Trust Bundle Distribution Version 1.0 14 March 2013 Version 1.0, 14 March 2013 Page 1 of 14 Contents Change Control... 3 Status of this Guide...
More informationBiometrics, Tokens, & Public Key Certificates
Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,
More informationSSO Eurécia. and external Applications. Purpose
SSO Eurécia Purpose This document describes the way to manage SSO connection and external applications. The users logged to the external application by entering his credentials then access to Eurécia without
More informationValidity Models of Electronic Signatures and their Enforcement in Practice
Validity Models of Electronic Signatures and their Enforcement in Practice Harald Baier 1 and Vangelis Karatsiolis 2 1 Darmstadt University of Applied Sciences and Center for Advanced Security Research
More informationETSI TS 101 903 V1.4.2 (2010-12) Technical Specification. Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)
TS 101 903 V1.4.2 (2010-12) Technical Specification Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES) 2 TS 101 903 V1.4.2 (2010-12) Reference RTS/ESI-000112 Keywords
More informationPDF Signer User Manual
PDF Signer User Manual Introduction The main function of PDF Signer is to sign PDF documents using X.509 digital certificates. Using this product you can quickly sign multiple PDF files (bulk sign) by
More informationmod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationOpen Source eid Projects
Open Source eid Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eid Cryptography in Java via JCA RSA, PKI, jtrust, eid Trust Service Integration levels for eid eid Applet Commons eid eid Identity
More informationSTANDARDISIERUNG FÜR EIDAS IM MANDATE/460
STANDARDISIERUNG FÜR EIDAS IM MANDATE/460 TeleTrusT Signaturtag 17.09.2015 ETSI 2014. All rights reserved STANDARDISIERUNG FÜR EIDAS IM MANDATE/460 TeleTrusT Signaturtag 17.09.2015 ETSI 2014. All rights
More informationETSI TS 102 280 V1.1.1 (2004-03)
TS 102 280 V1.1.1 (2004-03) Technical Specification X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons 2 TS 102 280 V1.1.1 (2004-03) Reference DTS/ESI-000018 Keywords electronic signature,
More informationNIST-Workshop 10 & 11 April 2013
NIST-Workshop 10 & 11 April 2013 EUROPEAN APPROACH TO OVERSIGHT OF "TRUST SERVICE PROVIDERS" Presented by Arno Fiedler, Member of European Telecommunications Standards Institute Electronic Signatures and
More informationETSI TS 102 639-5 V1.1.1 (2009-04) Technical Specification
TS 102 639-5 V1.1.1 (2009-04) Technical Specification Access and Terminals, Transmission and Multiplexing (ATTM); Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable
More informationPackage PKI. July 28, 2015
Version 0.1-3 Package PKI July 28, 2015 Title Public Key Infrastucture for R Based on the X.509 Standard Author Maintainer Depends R (>= 2.9.0),
More informationDECREE 132 of the National Security Authority. dated from 26 March 2009
DECREE 132 of the National Security Authority dated from 26 March 2009 on the conditions for providing accredited certification services and requirements for an audit, the extent of an audit and the qualification
More informationBDOC FORMAT FOR DIGITAL SIGNATURES
:2013 BDOC FORMAT FOR DIGITAL SIGNATURES Version 2.1:2013 OID: 1.3.6.1.4.1.10015.1000.3.2.1 Table of Contents INTRODUCTION... 2 1. SCOPE... 3 2. REFERENCES... 4 3. DEFINITIONS AND ABBREVIATIONS... 5 4.
More informationDigital Signing without the Headaches
Digital Signing without the Headaches Nick Pope 1 Juan Carlos Cruellas 2 1 Security & Standards Associates Grays, Essex, United Kingdom nickpope@secstan.com 2 Universitat Politècnica de Catalunya Barcelona,
More information<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008
Oracle Security Developer Tools (OSDT) August 2008 Items Introduction OSDT 10g Architecture Business Benefits Oracle Products Currently Using OSDT 10g OSDT 10g APIs Description OSDT
More informationStudy on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile
Study on Mutual Recognition of esignatures: update of Country Profiles Icelandic country profile This report / paper was prepared for the IDABC programme by: Coordinated by: Hans Graux (time.lex), Brigitte
More informationLinShare project version 0.8 File sharing and vault application
LinShare project version 0.8 File sharing and vault application RMLL 2010 Slideshow LinShare project LinShare uses : File sharing - Big files support - Enterprise directory support - Group management -
More informationSignature policy for TUPAS Witnessed Signed Document
Signature policy for TUPAS Witnessed Signed Document Policy version 1.0 Document version 1.1 1 Policy ID and location Policy ID Name URL urn:signicat:signaturepolicy:tupas wsd:1.0 Signature policy for
More informationCryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
More informationDIGITAL SIGNATURE FOR EANCOM MESSAGES
Digital Signatures for EACOM Messages DIGITAL SIGATURE FOR EACOM MESSAGES GS1 Implementation Guidelines EACOM TDT DOCUMET v1.0 Page 1 Digital Signatures for EACOM Messages TABLE OF COTETS 1 Introduction...
More informationETSI TS 101 903 V1.3.2 (2006-03)
TS 101 903 V1.3.2 (2006-03) Technical Specification XML Advanced Electronic Signatures (XAdES) 2 TS 101 903 V1.3.2 (2006-03) Reference RTS/ESI-000034 Keywords e-commerce, electronic signature, security
More informationAl-Wakaye Al-Mesreya / Government Bulletin - Issue No. 115 (Supplement) Dated 25 May 2005
Al-Wakaye Al-Mesreya / Government Bulletin - Issue No. 115 (Supplement) Dated 25 May 2005 Ministry of Communications And Information Technology Decree No. 109 Of The Year 2005 Dated 15/5/2005 Issuing The
More informationPEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy
PEXA Public Key Infrastructure (PKI) Certification Authority Certificate Policy Version: 1.0 Issued: August 2014 Status: Final PEXA Certification Authority Certificate Profile 1. Introduction Property
More informationDetailed Specifications
1 of 6 Appendix Detailed Specifications 1. Standards The following standards are used in the document under the following abbreviations: - BASE32, BASE64, BASE64-URL: Network Working Group: Request for
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F
More informationX.500 and LDAP Page 1 of 8
X.500 and LDAP Page 1 of 8 Introduction OCLC has completed its investigation of the two proposed electronic access protocols for the ILL Policies Directory. The first is X.500, a directory protocol standard
More informationSAFE Digital Signatures in PDF
SAFE Digital Signatures in PDF Ed Chase Adobe Systems Digital Signatures in PDF Digital Signature Document Digital ID Doc Digest Signer s digital identity is bound to document Modifying document invalidates
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y
More informationATSC Standard: ATSC Security and Service Protection Standard
ATSC Standard: ATSC Security and Service Protection Standard Doc. A/106 28 September 2015 Advanced Television Systems Committee 1776 K Street, N.W. Washington, D.C. 20006 202-872-9160 1 The Advanced Television
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More informationDEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
More informationBERserk Vulnerability
Intel Security: Advanced Threat Research BERserk Vulnerability Part 2: Certificate Forgery in Mozilla NSS October 6, 2014 Contents DigestInfo ASN.1 Decoding Vulnerabilities in Mozilla NSS... 2 Forging
More informationAlternate Representations of the Public Key Cryptography Standards (PKCS) Using S-Expressions, S-PKCS
Alternate Representations of the Public Key Cryptography Standards (PKCS Using S-Expressions, S-PKCS Matthew D. Wood Carl M. Ellison Intel Security Technology Lab Alternate Representations of the Public
More informationPKI - current and future
PKI - current and future Workshop for Japan Germany Information security Yuichi Suzuki yuich-suzuki@secom.co.jp SECOM IS Laboratory Yuichi Suzuki (SECOM IS Lab) 1 Current Status of PKI in Japan Yuichi
More informationDATEVe:secure MAIL V1.1. ISIS-MTT-Assessment Report
DATEVe:secure MAIL V1.1 DATEV eg ISIS-MTT-Assessment Report Version 1.1 Date 08. July 2004 Hans-Joachim Knobloch, Fritz Bauspiess Secorvo Security Consulting GmbH Albert-Nestler-Straße 9 D-76131 Karlsruhe
More informationDIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA
Non-official translation DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA ORDER ON THE CONFIRMATION OF THE SPECIFICATION ADOC-V1.0 OF THE ELECTRONIC
More informationPaper-based Document Authentication using Digital Signature and QR Code
2012 4T International Conference on Computer Engineering and Technology (ICCET 2012) Paper-based Document Authentication using Digital Signature and QR Code Maykin Warasart and Pramote Kuacharoen Department
More informationOpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.
OpenADR 2.0 Security Jim Zuber, CTO QualityLogic, Inc. Security Overview Client and server x.509v3 certificates TLS 1.2 with SHA256 ECC or RSA cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
More informationGuidelines for Developing Cryptographic Service Providers (CSPs) for Acrobat on Windows
Technical Note Providers (CSPs) for Acrobat C ONTENTS Requirements for Minimal Functionality 1 Recommendations for Maximum Functionality 2 For a Better User Experience Using CSPs in Acrobat 3 Other Recommendations
More informationOperating a CSP in Switzerland or Playing in the champions league of IT Security
Operating a CSP in Switzerland or Playing in the champions league of IT Security Agenda SwissSign Technology Products and Processes Legal Aspects and Standards Business Model Future Developments 2 SwissSign
More informationElectronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
More informationTechnical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile
TS 103 174 V2.2.1 (2013-06) Technical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile 2 TS 103 174 V2.2.1 (2013-06) Reference RTS/ESI-0003174v221 Keywords ASiC, electronic
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationAdditional Information. OpenLimit Middleware Version 3 Server Product Version: 1.2 Help Manual. Date: 23.03.2012 Document version: 1.
Additional Information OpenLimit Middleware Version 3 Server Product Version: 1.2 Help Manual Date: 23.03.2012 Document version: 1.1 OpenLimit SignCubes AG 2012 This documentation is the intellectual property
More informationCrittografia e sicurezza delle reti. Digital signatures- DSA
Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationNetwork Security Essentials Chapter 7
Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More informationInteroperability Guidelines for Digital Signature Certificates issued under Information Technology Act
for Digital Signature Certificates issued under Information Technology Act Version 2.4 December 2009 Controller of Certifying Authorities Department of Information Technology Ministry of Communications
More informationElectronic Archive Information System
107 Electronic Archive Information System Saulius RAGAISIS a,1, Adomas BIRSTUNAS b, Antanas MITASIUNAS b and b Arunas STOCKUS a Software Engineering Department, Vilnius University, Lithuania b Computer
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationNumber of relevant issues
Electronic signature Lecture 8 Number of relevant issues cryptography itself algorithms for signing documents key management generating keys, distribution, key revocation security policy certificates may
More informationCategory: Standards Track June 1999
Network Working Group P. Hoffman, Editor Request for Comments: 2634 Internet Mail Consortium Category: Standards Track June 1999 Status of this Memo Enhanced Security Services for S/MIME This document
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More information