Electronic Signature. István Zsolt BERTA istvan@berta.hu. Public Key Cryptographic Primi4ves

Similar documents
Digital Signature Verification using Historic Data

Certificate Path Validation

Informa4on Security Management at Cer4ficate Authori4es

Digital Signature: Efficient, Cut Cost and Manage Risk. Formula for Strong Digital Security

Long term electronic signatures or documents retention

Best prac*ces in Cer*fying and Signing PDFs

TECHNICAL INTEROPERABILITY STANDARD

Signature policy for TUPAS Witnessed Signed Document

Technical Description. DigitalSign 3.1. State of the art legally valid electronic signature. The best, most secure and complete software for

ETSI SECURITY WEEK EIDAS Overview CEN/ETSI esignature Standardization including standards for TSP Compliance. ETSI All rights reserved

Long-term archiving of electronically signed documents in Hungary

ETSI TR V1.1.1 ( )

Number of relevant issues

ETSI TS V1.1.1 ( ) Technical Specification

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

Submitted to the EC on 03/06/2012. COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP) e-codex

ETSI TS V1.1.1 ( ) Technical Specification

e-szigno Digital Signature Application

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

FOR A PAPERLESS FUTURE. Petr DOLEJŠÍ Senior Solution Consultant SEFIRA Czech Republic

NIST Test Personal Identity Verification (PIV) Cards

ETSI TS V1.3.2 ( )

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

Guidelines for the use of electronic signature

Aloaha Sign! (English Version)

Exploring ADSS Server Signing Services

Specifying the content and formal specifications of document formats for QES

Digital Signature Service. version : 4.7-SNAPSHOT

ETSI TS V1.1.2 ( ) Technical Specification

XML Advanced Electronic Signatures (XAdES)

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

CERTIFICATION PRACTICE STATEMENT UPDATE

PAdES signatures in itext and the road ahead. Paulo Soares

StartCom Certification Authority

ETSI TS V1.1.1 ( )

Microsoft Trusted Root Certificate: Program Requirements

Digital Signatures in a PDF

TechNote 0006: Digital Signatures in PDF/A-1

PKI - current and future

Digital Signature Service. e-contract.be BVBA 2 september 2015

CALIFORNIA SOFTWARE LABS

Operating a CSP in Switzerland or Playing in the champions league of IT Security

ETSI TS V1.4.2 ( ) Technical Specification. Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)

Validity Models of Electronic Signatures and their Enforcement in Practice

DIRECTOR GENERAL OF THE LITHUANIAN ARCHIVES DEPARTMENT UNDER THE GOVERNMENT OF THE REPUBLIC OF LITHUANIA

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Ericsson Group Certificate Value Statement

.NET Digital Signature Library User Manual

Ciphermail S/MIME Setup Guide

PDF Signer User Manual

Digital Signing without the Headaches

X.509 Certificate Generator User Manual

Public Key Infrastructure (PKI)

Normas ETSI e IETF para Assinatura Digital. Ernandes Lopes Bezerra. Ernandes. 26 de dezembro de 2012

The Estonian ID Card and Digital Signature Concept

Optimized Certificates A New Proposal for Efficient Electronic Document Signature Validation

Certification Practice Statement

The Direct Project. Implementation Guide for Direct Project Trust Bundle Distribution. Version March 2013

SAFE Digital Signatures in PDF

Digital Signature Service. version :

State of PKI for SSL/TLS

Making Digital Signatures Work across National Borders

Reducing Certificate Revocation Cost using NPKI

DECREE 132 of the National Security Authority. dated from 26 March 2009

Digital Certificates Demystified

Asymmetric cryptosystems fundamental problem: authentication of public keys

STANDARDISIERUNG FÜR EIDAS IM MANDATE/460

eid Security Frank Cornelis Architect eid fedict All rights reserved

White Paper. Digital signatures from the cloud Basics and Applications

Technical Specification Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile

Multiple electronic signatures on multiple documents

CERTIFICATE REVIEW RECORD

Certification Practice Statement

Digital Signatures in Reality. Tarvi Martens SK

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

Installing your Digital Certificate & Using on MS Out Look 2007.

ETSI TS V1.1.1 ( ) Technical Specification

E-Lock ProSigner vs. In-built Acrobat 6.0 signatures

Grid Computing - X.509

Using Entrust certificates with Adobe PDF files and forms

Entrust Certificate Services. Java Code Signing. User Guide. Date of Issue: December Document issue: 2.0

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

secure2sign: Secure and Seamless Enterprise Signing for Word (including 2007).

associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS)

BDOC FORMAT FOR DIGITAL SIGNATURES

DEPARTMENT OF DEFENSE ONLINE CERTIFICATE STATUS PROTOCOL RESPONDER INTEROPERABILITY MASTER TEST PLAN VERSION 1.0

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Page de signatures électroniques / Electronic Signatures Page

GlobalSign Enterprise Solutions

CA-DAY Michael Kranawetter, Chief Security Advisor (Tom Albertson, Security Program Manager) Microsoft

OB10 - Digital Signing and Verification

Certum QCA PKI Disclosure Statement

Certificate Policy for. SSL Client & S/MIME Certificates

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

How To Make A Trustless Certificate Authority Secure

Concept of Electronic Approvals

Securing VMware View Communication Channels with SSL Certificates TECHNICAL WHITE PAPER

PkBox Technical Overview. Ver

Transcription:

Electronic Signature István Zsolt BERTA istvan@berta.hu Public Key Cryptographic Primi4ves 1

Electronic Signatures - Contents 1. Public key cryptography primiaves 2. CerAficates, CerAficate AuthoriAes, CerAficaAon Paths 3. Electronic signatures: signature crea4on & valida4on 4. InformaAon security management at CAs 5. PKI Business 2 2

Electronic Signature 1. What is an electronic signature? E- signature laws 2. Electronic signature creaaon 3. Time stamping 4. Electronic signature verificaaon 5. Long- term validity of the e- signature 3 3

What is an electronic signature? Public Key Cryptographic Primi4ves 4

Electronic signature Electronic signature means authenacaang an electronic document in an electronic way so that it can be proven who signed it and what had been signed Electronic signatures are recognized by law Certain forms of electronic signatures can be considered equivalent with handwriuen signatures depending on the legislaaon examples: encoding or adding info about the signatory This allows e.g. contracts / declaraaons to be made in a purely electronic format, without the use of paper 5 5

Digital signature Alice, the signatory doc Alice s cert doc A A? Encoding with Alice s private key, anyone can verify it with Alice s public key in her cert 6 6

Electronic signature vs Digital signature Electronic signature is a legal term used for electronic authenacaaon recognized by law Digital signature is a technical term used for encoding with one s private key Not all electronic signatures are digital signatures example: wriang one s name at the end of an e- mail message Not all digital signatures are electronic signatures example: usage of private key in case of a TLS authenacaaon Electronic signatures are not necessarily based on PKI and digital ceraficates but the most advanced ones are 7 7

EU direc4ve 1999/93/EC (current, un4l 2016) DirecAve 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signature Defines key terms: electronic signature ceraficaaon service provider (CA) advanced electronic signature ceraficate qualified ceraficate secure signature creaaon device Electronic signature based on a qualified ceraficate, created with a secure signature creaaon device (=qualified electronic signature) 8 8

EU direc4ve 1999/93/EC (current, un4l 2016) Advanced electronic signature shall meet the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of idenafying the signatory; (c) it is created using electronic signature creaaon data that the signatory can, with a high level of confidence, use under his sole control; and (d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. Advanced electronic signature based on a qualified ceraficate and created using a secure signature creaaon device (= qualified electronic signature) 9 9

EU direc4ve 1999/93/EC (current, un4l 2016) Public service providers are under supervision in each Member State of the EU Legal effect: qualified electronic signature: equivalent with a handwriuen electronic signature qualified electronic signature: cross- border, recognized in all Member States signature cannot be rejected solely because it is electronic or because it is not qualified CSP (CA) is liable for the electronic signatures CSP may limit the usability of the ceraficate (QCStatements extension) 10 10

EU regula4on (new, from 2016) RegulaAon of the European Parliament and of the Council on electronic idenaficaaon and trust services for electronic transacaons in the internal market and repealing DirecAve 1999/93/EC full text RegulaAon, not just a direcave; comes into effect 1 st of July, 2016 Electronic idenaficaaon schemes Member States shall define how they idenafy their ciazens, and share this informaaon with other Member States CooperaAon, breach noaficaaon Trust services lists MulAple trust services 11 11

EU regula4on (new, from 2016) Trust services electronic signatures (natural persons)» ceraficates for QES» validaaon service» preservaaon service electronic seals (legal persons) Ame- stamping electronic registered delivery website authenacaaon Trust services can be provided as qualified or non- qualified qualified trust services providers need to prove in court that they had not been negligent qualified trust services enjoy a presumpaon that they are provided well ; the opposite needs to be proven 12 12

Qualified vs Non- Qualified The difference is mostly legal, the cryptographic technology behind them is the same Differences are: probaave force cross- border acceptance service provider s liability requirements on key management 13 13

Qualified signature Is it more secure à not necessarily Qualified means it is equivalent with a handwriuen signature As a Relying Party you have more info on what applies to the qualified signature, e.g.: Face- to- face registraaon Supervised CA CA is liable for the ceraficate Secure Signature CreaAon Device It is more straighmorward to accept qualified signatures 14 14

US law Electronic Signatures in Global and NaAonal Commerce Act ("ESIGN") a signature, contract, or other record relaang to such transacaon may not be denied legal effect, validity, or enforce- ability solely because it is in electronic form contract relaang to such transacaon may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formaaon No direct menaon of PKI or digital signatures Detailed requirements on what the consumer has to be informed of, and what the requirements are for obtaining the consumer s consent, and what informaaon has to be retained 15 15

E- signed document A document with a(n advanced) electronic signature is authenac where authenacity is provided by its encoding Thus are all copies of the signed document also original 16 16

Non- Repudia4on Electronic signature is commonly associated with non- repudiaaon Laws do NOT use this term, they use: probaave force presumpaon if the signature is valid Technical verificaaon of the signature: is the signature created with the user s private key? was the user s ceraficate valid at the Ame of signing? Legal quesaons: did the signatory sign the document? did he/she understand it and intend to sign it? was there consent? meeang of the minds à Non- repudiaaon is just a technical term 17 17

Electronic signature crea4on Public Key Electronic Cryptographic Signatures Primi4ves 18

Electronic Signature crea4on Alice, the signatory doc A Alice s cert doc A A? Henceforth, we consider at least advanced electronic signatures only 19 19

Signature crea4on 1. The signatory reviews a document and decides to sign it 2. The signatory gives the document to a Signature CreaAon ApplicaAon 3. The Signature CreaAon ApplicaAon computes a hash of the document and sends the hash to a (Secure) Signature CreaAon Device 4. The Signature CreaAon Device computers the signature using the private key and sends it back to the Signature CreaAon ApplicaAon, who appends it to the document 20 20

Communica4on with a smart card Signature Creation Application Microsoft CryptoAPI CSP PKCS#11 PC/SC layer Computer/Terminal card reader s driver card reader 21 21

Signature crea4on doc hashing hash padding (PKCS#1) A signature A 22 22

Signature Crea4on (detailed) signature block doc hash A cert hash signature container Further info: metadata, signature policy, etc. signature Unsigned informaaon: CerAficaAon Path, Timestamp CerAficate RevocaAon Lists, OCSP responses hashing hash A Signature block: XMLDSIG, PKCS#7, CAdES, XAdES Signature container: PDF, Word, S/MIME, ES3 23 23

Signature formats In pracace, signature is not computer over a hash of the document but over a signature block (which contains the hash of the documents) ASN1- based formats PKCS#7, CMS CAdES (ETSI extension) XML- based formats XMLDSIG XAdES (ETSI extentsion) Signature format: describes how the signature was created, refers to policies, contains paths, CRLs, etc Container format: helps you find what was signed, helps you when opening the signed doc, helps you manage mulaple signature 24 24

XMLDSIG signature <ds:signature> <ds:signedinfo> <ds:canonicalizationmethod Algorithm="..." /> <ds:signaturemethod Algorithm="..." /> <ds:reference Id="..." URI="..."> <ds:transforms>... </ds:transforms> <ds:digestmethod Algorithm="..." /> <ds:digestvalue>...</ds:digestvalue> </ds:reference> </ds:signedinfo> <ds:signaturevalue...>... </ds:signaturevalue> <ds:keyinfo...>... e.g. signer s cert... <ds:keyinfo>... </ds:signature> 25 25

XADES Signature <ds:signature> <ds:signedinfo> <ds:canonicalizationmethod Algorithm="..." /> <ds:signaturemethod Algorithm="..." /> <ds:reference Id="..." URI="...">... </ds:reference> </ds:signedinfo> <ds:signaturevalue...>... </ds:signaturevalue> <ds:keyinfo...>... <ds:keyinfo> <ds:object><xades:qualifyingproperties> <xades:signedproperties> signature policy ref; location and time of signature,... </xades:signedproperties> <xades:unsignedproperties> timestamp, revocation information,...</xades:unsignedproperties> </xades:qualifyingproperties></ds:object> </ds:signature> 26 26

Signature & Signed document Detached signature two separate files you should NEVER lose connecaon Signature format is also a container e.g. Word or PDF easy to open difficult to enforce a signature/verificaaon policy Container is also a signature format e.g. enveloping XAdES signature or ES3 dossier easy to verify signatures with a unified policy signatures need to be unpacked before verificaaon 27 27

PDF signature Document + signature container at once Contains PKCS#7 or CAdES signatures Supports visible signatures Straighmorward: one document, one signature Not- so- straighmorward: mulaple signers, archive signatures, signatures over non- PDF files ETSI 102 788 - PAdES 28 28

ES3 dossier (widely used in Hungary) See specificaaon here XML container format May contain mulaple documents and mulaple XAdES signatures over them Metadata for documents Supports workflows Signatures can be Ame stamped and/or archived 29 29

OpenOffice signatures ZIP file with a fixed structure the file META- INF/documentsandsignatures.xml may contain mulaple signatures XMLDSIG signatures only, they can be XAdES too Problems: no Amestamps, compaability issues 30 30

Time stamping Public Key Electronic Cryptographic Signatures Primi4ves 31

Time stamping Could you Amestamp this hash? requestor hash Time Stamping Authority I cerafy that this hash hash existed at half past ten. T T T Online quesaon, online answer with a secure Ame TSA is required to maintain a secure clock Provides signed answers RFC 3161 32 32

Time stamping as a trust service Provides a secure Ame Links the secure Ame to a document Has probaave force Has a standard format 33 33

Why 4me stamp? A signed document s lifeame may significantly exceed that of the ceraficate Signatures must remain valid even if the signatory s ceraficate expires is revoked In order to verify a signature, we need a secure point in Ame when we can be sure the signature already existed Time stamps provide this source of Ame Signature verificaaon is usually based on Ame stamps 34 34

Signature verifica4on Public Key Electronic Cryptographic Signatures Primi4ves 35

Signature verifica4on Verify technical validity cryptographic verificaaon - does the required relaaon exist between the document, the public key and the signature? was the signatory s ceraficate valid at the Ame of signing? Is the signature acceptable in the given legal & organizaaonal context? level of security of the signature was the signer authorized to sign? how sure am I in the validity of the signature? signature policy? did the signer mean to sign the document? was it the signer (person) who signed the document? 36 36

Cryptographic verifica4on signature block doc hash A cert hash signature container Further info: metadata, signature policy, etc. signature Unsigned informaaon: CerAficaAon Path, Timestamp CerAficate RevocaAon Lists, OCSP responses A hash == hash 37 37

Was the singer s cert valid at the 4me of signing? When was the signature created? is there a Amestamp? do I have any other evidence? Can the signer s cert be chained to a trusted root? with respect to the Ame of signing there can be mulaple roots and/or mulaple chains Were all ceraficates in the chain valid at the Ame of signing? unexpired? unrevoked? 38 38

Cer4fica4on Path RootCA s cert RCA RCA Alice s cert A CA1 s cert CA1 CA1 RCA We obtain user Alice s public key from Alice s cert Alice s cert can be verified based on CA1 s public key in CA1 s cert CA1 s cert can be verified by RootCA s public key in RootCA s cert RootCA s key/cert is a trust anchor 39 39

Relevant revoca4on info RevocaAon informaaon relevant to the 4me of signing can be used as evidence only the CRL must relate to the cert the CRL must be relevant to the Ame of signing can a CRL earlier than the Ame of signing be used as evidence? 40 40

Grace period CRLs at the Ame of signing might mean unsuitable evidence, because the user needs Ame to detect key compromise the user needs Ame to report key compromise the CA needs Ame to update its registry about the key compromise and publish the new revocaaon status it takes Ame unal new revocaaon status informaaon propagates and all relying paraes are noafied it may take Ame unal someone can obtain posi4ve confirmaaon of a signature s validity up the whole ceraficaaon chain 41 41

Addressing grace period 1. Use the most recent revocaaon informaaon (neglect grace period) 2. Apply grace period for end- enaty certs, but do not apply it for CA/TSA certs 3. Apply grace period at every level 4. Apply grace period at ever level, use real- Ame revocaaon checking via OCSP to get immediate posiave confirmaaon OCSP responses need to apply to current Ame each OCSP response must be fresh how to validate the OCSP responder s cert? 42 42

Valida4ng a signature Obtain control Ame, i.e. the point of Ame we use for signature validaaon if there is (one or more) Ame stamp, use that if there is any other evidence, use that worst case: use Ame of validaaon With respect to the control Ame : build a ceraficaaon path validate signature on all certs in the path à recursion collect evidence for revocaaon status of all certs in the path, and validate the signature on all such evidence à recursion apply grace period as per signature policy 43 43

Result of Signature Valida4on VALID: The validity of the signature can be proven based on the available informaaon, according to the signature policy INVALID: The signature is proven to be invalid based on the available informaaon, according to the signature policy UNFINISHED: There is no evidence for the signature being invalid, but we have no posiave evidence either; we need to wait unal relevant revocaaon informaaon is published 44 44

If a signature is technically valid Note that it does not necessarily mean that it will be accepted in court or is not necessarily suitable for a given purpose 45 45

Long- term validity of signatures Public Key Electronic Cryptographic Signatures Primi4ves 46

How long does a signature remain authen4c? From legal point of view, the validity of the signature does not fade away with Ame From technical point of view it may become difficult to prove that a signature had been valid at a previous point of Ame Signature without Amestamp? à as long as the signer s cert is valid Signature with Amestamp? à as long as the TSA s cert is valid If you want more, the signature needs to be archived, it needs to be Ame stamped at regular intervals 47 47

XAdES- BES (basic electronic signature) doc Alice s cert A CA1 signature 48 48

XAdES- T ( with Time) doc Alice s cert A CA1 signature 49 49

XAdES- C or X- L doc Alice s cert A CA1 signature revocaaon informaaon with respect to the Ame on the Amestamp of the T signature 50 50

XAdES- A doc Alice s cert A CA1 signature revocaaon informaaon with respect to the Ame on the Amestamp of the T signature 51 51

XAdES- A valida4on, in 2010 Alice doc CRLs, etc 2001; md5, RSA512 Cert paths, CRLs, etc Cert paths, CRLs, etc for yellow TS Cert paths, CRLs, etc for pink TS Cert paths, CRLs, etc for green TS 2003; md5, RSA768 2003; sha- 1, RSA1024 compromised in 2009 2007; sha- 1, RSA2048 2013; sha- 256, RSA2048 52 52

Signature Policy A signature s validity is not objecave, it depends on the policy we use for signature validaaon The signature policy may include roots algorithms Amings Amestamps revocaaon informaaon grace periods etc A signature s validity can be discussed in context of a policy only 53 53

Summary Electronic signature is a legal term for e- signatures recognized by law; they are not necessarily based on crypto or PKI Digital signature is a crypto operaaon, its result is not necessarily accepted by court EU legal systems define certain PKI- based (qualified) signatures as equivalent with handwriuen ones; US legal systems do not emphasize PKI, they emphasize the circumstances A PKI signature is obtained by encoding the hash of the document (or a signature block) with the private key To verify a signature, you need to verify if the signature, the public key and the doc correspond to each- other and that the signatory s cert was valid at the Ame of signing Security of signatures is o en based on Ame stamps 54 54

Recommended reading EU and US e- signature laws Thomas Fleiner: Common law vs ConAnental law Apsheet full paper Summary of US e- Sign act XAdES specificaaon 55 55

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information