Electronic Signatures Page




Document Information

Title :
Author :
Reference :

This document has been digitally signed and timestamped. To verify signature validity, please refer to the procedure and tools available on the web site pki.thalesaleniaspace.fr/pki/

By default, signature validity is unknown: the "?" icon is present on each signature. After verification, the "?" icon disappears if the signature is valid.

Last product update: July 2006.

All rights reserved Thales Alenia Space


ISSUE : 5 Page : 1 / 20

PROCEDURE TO EXTERNALLY VERIFY ELECTRONIC SIGNATURE

| | Name | Responsibility-Company |
|---|---|---|
| Written by | Hélène DERREY | Engineer, ATOS ORIGIN |
| Verified by | PL NAUT | IS/ES/PS |
| Approved | E. BOURDEAU | IS/ES |

CHANGE RECORDS

| ISSUE | DATE | CHANGE RECORD | AUTHOR |
|---|---|---|---|
| 1 | 17/10/03 | Creation | Eric GENOTELLE |
| 2 | 01/05/04 | General correction | Eric GENOTELLE |
| 3 | 20/09/04 | Addition of a FAQ, external access | Eric GENOTELLE |
| 4 | 01/07/06 | Timestamp and new Alcatel Alenia Space certificate authorities | Eric GENOTELLE |
| 5 | | Convergence Thales Alenia Space | Hélène DERREY |

TABLE OF CONTENTS

1. INTRODUCTION
2. ELECTRONIC SIGNATURE CONCEPTS
   2.1 WHAT IS ELECTRONIC SIGNATURE?
   2.2 WHAT ARE ELECTRONIC SIGNATURE BENEFITS?
   2.3 HOW DOES IT WORK?
   2.4 THALES ALENIA SPACE ELECTRONIC SIGNATURE FEATURES
3. SIGNATURE VERIFICATION PROCEDURE
   3.1 PREREQUISITE
   3.2 SIGNATURE VERIFICATION POINTS
   3.3 VERIFICATION PROCEDURE
      3.3.1 NORMAL WORK
      3.3.2 IF THE DOCUMENT HAS BEEN MODIFIED
      3.3.3 IF SIGNATURE CERTIFICATES ARE NOT VALID
4. ANNEX A: SOFTWARE INSTALLATION
   4.1 INSTALLATION OF ADOBE ACROBAT READER
      4.1.1 PRODUCT DOWNLOAD
      4.1.2 INSTALLATION
   4.2 INSTALLATION OF UTIMACO SIGN&CRYPT FOR ACROBAT
      4.2.1 PRODUCT DOWNLOAD
      4.2.2 INSTALLATION
      4.2.3 CONFIGURATION
   4.3 INSTALLATION OF CERTIFICATE AUTHORITY CERTIFICATES
5. ANNEX B: ELECTRONIC SIGNATURE PRINCIPLES
   5.1 SIGNATURE APPOSITION
   5.2 SIGNATURE VERIFICATION
6. ANNEX C - FAQ AND PROBLEM

1. INTRODUCTION

This document describes how to verify electronic signatures of Thales Alenia Space documents.

This document is intended for anyone who:

- has to electronically verify digital signatures of documents delivered by Thales Alenia Space,
- wishes to get an overview of electronic signature concepts,
- wishes to get an overview of the electronic signature solution in Thales Alenia Space.

The electronic signature

After a presentation of electronic signature concepts and their application to Thales Alenia Space, this document describes the procedure to verify electronic signatures. One annex describes all the software installation you need to perform. Another one presents signature principles.

This document may be downloaded from:

- http://ged/doc.htm?ref= for Thales Alenia Space people
- http://pki.thalesaleniaspace.fr/pki/doc/.pdf for everyone (Internet access)

2. ELECTRONIC SIGNATURE CONCEPTS

2.1 What is electronic signature?

Electronic signature provides two services:

- integrity of the document: it guarantees the document has not been modified since it was signed.
  "I received a document signed by Alice. How can I be sure it has not been modified since the signature?"
- non-repudiation: it guarantees the signer cannot deny having signed it.
  "How can I be sure that Alice will not pretend she has not signed the document?"

2.2 What are electronic signature benefits?

Electronic signature allows:

- to exchange electronic documents contractually
- to reduce cost for the provider:
  - no more paper signatures to be manually distributed and archived,
  - no more "physical" document delivery (i.e. through DHL). Paper document weight is significant.
  - it reduces the duration of the signature process thanks to a signature workflow
- to reduce cost for the customer:
  - the electronic verification process may be performed much quicker than manual control.
- to improve signature process quality
- to reduce exchange duration

2.3 How does it work?

It is based on ciphering algorithms using the private/public key pair of a signer.

A signer is identified by means of a certificate. A certificate is a person's digital identity. It links some information about the person with that person's public key.

Certificates are delivered, signed and maintained by a Certification Authority (CA). They follow standards (X.509 v3).

Figure 1 : Certificate feature (illustration of a certificate and of the CA digital signature it carries)

    Thales's X.509 Certificate
    Serial Number : 6cb0dad0137a5fa79888f
    Validity : Nov. 08, 2002 - Nov. 08, 2004
    Subject / Name / Organization :
        Organization = Thales Alenia Space
        Common Name = Pierre-Louis NAUT
        Email Address = pierre-louis.naut@thalesaleniaspace.fr
    Public Key : ie86502hhd009dkias736ed55ewfgk98dszbcvcq m85k309nviidywtoofkkr2834kl
    Signed By : Thales Alenia Space
    CA Digital Signature (Thales's CA) : kdiowurei495729hshsg0925h309afhwe09721h481 903207akndnxnzkjoaioeru10591328y5

The signature is produced with the private key of the signer. The signature is verified with the public key of the signer.

If one character of the document is modified after signature apposition, the signature verification will detect it!

Annex B details signature principles.

2.4 Thales Alenia Space Electronic signature features

Thales Alenia Space provides a signature system for signing PDF documents. Signatures are embedded in the PDF documents. Signature proofs, i.e. signer certificates and CA certificates, are also embedded in the PDF document, so that the verifier has all the necessary elements to check signatures.

PDF documents are signed through Acrobat plug-in technology, using the UTIMACO Sign&Crypt plug-in.

Thales Alenia Space signature is compliant with signature standards: X.509v3, PKCS#7.

Signatures may be verified with free tools according to the procedure defined in section 3.

Thanks to Acrobat technology, signatures also have a visible rendering, mentioning:

- signer identity (full name, email address)
- CA identity
- signature date
- signature reason (i.e. Writer, Approving)

All visible signatures are stored in a heading page.

Figure 2 : Visible signatures of heading page

A signed PDF document may be viewed with a standard ADOBE Acrobat Reader.

Signatures of a signed PDF document may be viewed (but not checked) and printed from a standard ADOBE Acrobat Reader.

Signatures of a signed PDF document may be checked with ADOBE Acrobat Reader and an additional UTIMACO plug-in for ADOBE Acrobat Reader (see 4.2). This plug-in is free of charge.

Signatures are applied according to the signature process defined below:

- Most signers sign with internal certificates. Thales Alenia Space delivers internal certificates to all Thales Alenia Space users.
- A qualified user may sign with a Corporate certificate, in order to certify/guarantee the signature process. Thales Corporate (ASKI) delivers Corporate certificates to "qualified" users such as document manager, program manager,

Figure 3 : Thales Alenia Space signature Process (diagram labels: Document to be signed; Internal Signatures, with Signature 1 and Signature 2, using internal certificates; Certifying Signature, with Signature 1, Signature 2 and the Corporate Signature, using Corporate certificates; PDF)

The signer may be identified in the signature by his email address (i.e. pierrelouis.naut@thalesaleniaspace.com) or his full name (i.e. Pierre-Louis NAUT). Email address and full name are parts of the signer certificate subject.

The signature server provides the signature date. Since 2006, signatures are timestamped by a timestamp server.

3. SIGNATURE VERIFICATION PROCEDURE

3.1 Prerequisite

To verify signatures of PDF documents signed by Thales Alenia Space, you need to have installed on a PC:

- Adobe Acrobat Reader 5.1 or higher (cf. installation in 4.1)
- UTIMACO Sign&Crypt for Acrobat Reader (cf. installation in 4.2)
- Certificates of CA (cf. installation in 4.3)

All of these components are free of charge.

PC operating system may be Windows NT 4.0, Windows 2000, Win XP.

3.2 Signature verification points

The following table defines signature verification points:

| Signature verification points | Comment |
|---|---|
| Document signature | See principles in 5.2 |
| Signer certificate signature | See principles in 5.2, where the document to be signed is the certificate |
| Signer certificate validity date | Look if the signature date is between the "Not before" date and the "Not after" date. These dates are part of the certificate. |
| Certificate Authority trust chain | Check the certificate signatures of all CA involved in the trust chain. |

At that time, there is no CRL (Certificate Revocation List) check.

3.3 Verification procedure

3.3.1 Normal work

- Open the signed PDF document in ADOBE Acrobat Reader.
- Display all signatures using the Signatures tab. All signatures are tagged with a question mark ("?"), which means that signer certificates have not yet been verified.
- Go to the Signature button and select the option "Authenticate all signatures" (in French "Authentifier toutes les signatures").

- If signer certificates are OK, Acrobat Reader tags them with a green check mark (✓).
- By expanding a signature in the left frame, you can see the signature properties: signer name, signature date, signature reason.
- To get details on the signature and certificate, right-click on the signature in the left frame and select the Properties menu item. A window displaying the signature properties appears.
- To get information on the certificate, select the Show button.

3.3.2 If the document has been modified

If the document has been modified since signature, Acrobat indicates it in the signature left frame: "The document has been modified".

3.3.3 If signature certificates are not valid

If signer certificates cannot be verified or are not OK, Acrobat Reader indicates it: the signature is tagged with a red cross X.

To know the reason, right-click on the signature, then select Properties. Acrobat displays the reason for the problem in the validity area.

4. ANNEX A: SOFTWARE INSTALLATION

This section describes the components you have to install to verify Thales Alenia Space document signatures. It consists of:

1. installing ADOBE Acrobat Reader 5.1 or higher
2. installing UTIMACO Sign&Crypt for Acrobat Reader 4.0.0006 or higher
3. installing CA certificates

4.1 Installation of ADOBE Acrobat Reader

4.1.1 Product download

- With a browser, go to the site http://www.adobe.com
- Then get ADOBE Acrobat Reader by clicking on
- Follow the instructions and fill in the ADOBE forms. Select the option "Do not use Adobe Download Manager" if you want to download the full installable version.
- ADOBE then asks you where to save the installable file, whose default name is for example AdbeRdr60_fra_full.exe.

4.1.2 Installation

With the file explorer, run the installable file, then follow the instructions.

4.2 Installation of UTIMACO Sign&Crypt for Acrobat

4.2.1 Product download

With a browser, go to the site http://pki.thalesaleniaspace.fr/pki/tools/ then download the product Sign&Crypt for Acrobat Reader.

4.2.2 Installation

You should have Acrobat Reader 5.1 or higher installed.

With the file explorer, run the installable file, then follow the instructions.

4.2.3 Configuration

- Run Acrobat Reader. A UTIMACO splash window should briefly appear when Acrobat is starting.
- Go to the menu Edition / Preferences / TS SafeGuard Sign&Crypt

- In the CRL tab:
  - Select the option "Check certificate trust chain when validating signature". With this option, the certificate trust chain is checked in addition to the signature check and the certificate validity date check.
  - Select the option "Do not use CA/Root certificates stored in the message". With this option, the trust chain is built from the Windows certificate store, and not from the CA certificates located in the document.
- In the horodatage (timestamp) tab, leave all fields empty.

4.3 Installation of Certificate Authority certificates

Because trust chain verification is performed against the Windows certificate store (more reliable than the document), all the certificate authorities have to be declared in this store.

The following table lists all the CA certificates to be installed.

| CA certificates | Download URL | Description |
|---|---|---|
| Thales Alenia Space Root CA | http://pki.thalesaleniaspace.fr/pki/cer/tas_root_ca.cer | Father of Thales Alenia Space Ged CA. Subject: E = RootCA@thalesaleniaspace.com, CN = Thales Alenia Space RootCA, O = Thales Alenia Space, C = FR. Signature : 85 3a 96 69 3c 83 a6 37 d4 36 83 f7 76 41 3c 1b 98 9e 5d 06 |
| Thales Alenia Space Ged CA | http://pki.thalesaleniaspace.fr/pki/cer/tas_cacert.cer | CA delivering internal certificates for all Thales Alenia Space signers. Subject: E = TASCSS@thalesaleniaspace.com, CN = TAS Signature Service CA, O = Thales Alenia Space, C = FR. Signature : b5 15 7f a5 61 44 da d6 7b a1 59 b4 54 a7 d2 33 6e 1a f1 33 |

Table 1 : CA involved in signature trust chain

(*) These certificates have to be installed only if Thales Corporate certificates are involved in signature process.

For each CA certificate:

- Download the CA certificate from its URL.
- With the file explorer, double-click on the certificate file (.cer). This opens the certificate properties window.
- Click on the Install certificate button. This opens a certificate import wizard window.
- Click on the Next button.
- Leave the default option (Automatically ...) selected.
- Click on the Next button.
- Click on the Finish button.
- To the question "Do you want to add the following certificate to the XXX store", answer Yes.

The CA import is complete.

5. ANNEX B: ELECTRONIC SIGNATURE PRINCIPLES

This section describes electronic signature principles defined by the following figure.

Figure 4 : Signature principles (diagram labels: Document, HASH, RSA Sign with the secret key, Digital Signature, Internet, RSA Verify with the public key, CA)

5.1 Signature apposition

- A hash of the document is computed, according to a hash function (typically MD5 algorithm).
- The hash is coded with the private key of the signer, according to a crypt function (typically RSA algorithm).
- This encrypted hash is the document signature.
- The document and the signature are sent to the recipient.

5.2 Signature verification

- The recipient receives the document and the signature.
- The hash of the document is computed, with the same hash algorithm as the one used for signature apposition.
- The signature (encrypted hash) is decrypted, with the same algorithm as the one used for signature apposition and with the public key of the signer. The public key may be found in the certificate that is usually attached to the document and signature.
- The 2 hashes are compared. If they are the same, the signature is OK. If not, the signature is KO.
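The verification points of 3.2 and the hash/RSA principle of 5.1 and 5.2 can be exercised end to end; the Python code below is an added example, not code from Thales Alenia Space, Adobe or UTIMACO. It assumes constructed, insecure demo keys, unpadded RSA, SHA-256 in place of MD5, and a simplified hypothetical certificate record instead of X.509/PKCS#7; the names `verify_document`, `ca_store` and the "Demo" CAs are illustrative. It also compares building the trust chain from the verifier's own store with building it from CA certificates carried in the document, the choice made in 4.2.3.

```python
import hashlib
from datetime import datetime

E = 65537  # public exponent

def make_key(a, b):
    """Constructed demo key from Mersenne primes 2^a-1 and 2^b-1. NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):  # SHA-256 here; the page names MD5 as the typical hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, priv):
    n, d = priv
    return pow(digest(data), d, n)         # 5.1: hash coded with the private key

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data)  # 5.2: compare the two hashes

def tbs(cert):  # bytes of the simplified certificate that the issuer signs
    return repr([cert[k] for k in
                 ("subject", "issuer", "pub", "not_before", "not_after")]).encode()

def issue(subject, pub, issuer, issuer_priv, not_before, not_after):
    cert = dict(subject=subject, issuer=issuer, pub=pub,
                not_before=not_before, not_after=not_after)
    cert["sig"] = sign(tbs(cert), issuer_priv)
    return cert

def verify_document(doc, sig, signed_at, signer_cert, ca_store):
    """Apply the verification points of 3.2; return 'OK' or the first failure."""
    if not verify(doc, sig, signer_cert["pub"]):
        return "document modified"
    if not signer_cert["not_before"] <= signed_at <= signer_cert["not_after"]:
        return "signature date outside certificate validity"
    cert = signer_cert
    for _ in range(5):                     # bounded walk up the trust chain
        issuer = ca_store.get(cert["issuer"])
        if issuer is None:
            return "issuer not in CA store"
        if not verify(tbs(cert), cert["sig"], issuer["pub"]):
            return "certificate signature invalid"
        if issuer["subject"] == issuer["issuer"]:
            return "OK"                    # reached a root in the store; no CRL check
        cert = issuer
    return "chain too long"

def demo():
    t0, t1, when = datetime(2006, 1, 1), datetime(2008, 1, 1), datetime(2007, 3, 1)
    root_pub, root_priv = make_key(2281, 3217)
    ca_pub, ca_priv = make_key(1279, 2203)
    alice_pub, alice_priv = make_key(521, 607)
    root = issue("Demo Root CA", root_pub, "Demo Root CA", root_priv, t0, t1)
    ca = issue("Demo Signing CA", ca_pub, "Demo Root CA", root_priv, t0, t1)
    alice = issue("Alice", alice_pub, "Demo Signing CA", ca_priv, t0, t1)
    store = {c["subject"]: c for c in (root, ca)}   # verifier's own CA store
    # A second document ships its own self-signed CA certificate of the same name.
    (x_pub, x_priv), (y_pub, y_priv) = make_key(521, 2281), make_key(607, 3217)
    x_ca = issue("Demo Signing CA", x_pub, "Demo Signing CA", x_priv, t0, t1)
    y = issue("Alice", y_pub, "Demo Signing CA", x_priv, t0, t1)
    doc, doc2 = b"Constructed sample document", b"Constructed document, unknown issuer"
    sig, sig2 = sign(doc, alice_priv), sign(doc2, y_priv)
    return {
        "valid": verify_document(doc, sig, when, alice, store),
        "modified": verify_document(doc + b"!", sig, when, alice, store),
        "late": verify_document(doc, sig, datetime(2009, 1, 1), alice, store),
        "embedded_ca": verify_document(doc2, sig2, when, y, {x_ca["subject"]: x_ca}),
        "store_only": verify_document(doc2, sig2, when, y, store),
    }

if __name__ == "__main__":
    print(demo())
```

The `embedded_ca` case passes only because the CA certificate came from the document itself; with the verifier's own store (`store_only`) the same document is rejected at the certificate signature check.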

6. ANNEX C - FAQ AND PROBLEM

Question: Sign&Crypt for Acrobat Reader cannot be installed. When running the Sign&Crypt for Acrobat Reader setup, it indicates that the Acrobat Reader version is incorrect.
Answer: Please check the version of Acrobat Reader. It should be greater than 5.1.

Question: I have the full Acrobat 6.0 pack installed. Sign&Crypt for Acrobat Reader cannot be installed.
Answer: The full Acrobat 6.0 pack may not include Acrobat Reader. Sign&Crypt for Acrobat Reader works only with Acrobat Reader. In this case, please first install Acrobat Reader.

Question: When I'm trying to verify a signature, I get an error message pointing out that the signature cannot be verified due to an invalid or missing signature pilot.
Answer: Sign&Crypt for Acrobat Reader is not installed. Please install it.

Question: I have the full Acrobat 6.0 pack and Acrobat Reader installed on my PC. When I'm opening a PDF document with the explorer or with the IE navigator, the PDF document is opened with Acrobat and not Acrobat Reader, so I cannot verify signatures.
Answer: It's a normal and standard behavior of the Acrobat product. To solve the problem, start Acrobat Reader before opening the PDF document. It will force the PDF document to open with Acrobat Reader.

Question: When opening a digitally signed PDF document with IE, Acrobat Reader traps.
Answer: It happens sometimes with Acrobat Reader 6.0 when the option 'authenticate all signatures when opening a document' is selected. Please unselect this option. In any case, it is not recommended to have this option selected. Verifying signatures may take time, so it may penalize the user, whereas it is not necessary to systematically perform signature verification.

Question: When performing signature verification on a PDF document containing multiple signatures with Acrobat Reader 6.0, all signature statuses are OK, but for all signatures except the last one, Acrobat indicates the document has been modified since the signature apposition.
Answer: It's a behavior of Acrobat 6.0, which considers signature apposition to be a modification. Each new signature apposition generates a new revision of the document. If you compare 2 revisions, you will notice the only change is signature apposition. This comparison can be performed only with Acrobat. Note: you do not have this inconvenience with Acrobat 5.1.

Question: When I print a document, information such as title, author, reference, is not printed in the signature page.
Answer: You have to print the document with the option "Document and comments" selected.
