The proof of your digital documents


1 The proof of your digital documents
______________________________________________________________________ UN/CEFACT August 29, 2008

2 What is a digital signature ?
How it works
[Diagram: Bob sends Alice the message "Dear Alice, Let's meet in Venice next weekend. Bob" together with its signature.]
1. Imprint: Bob computes the imprint of the message (x6fR7890cv)
2. Cipher: Bob ciphers the imprint, which gives the signature (y9jl09cw56)
3. Decipher: Alice deciphers the signature (y9jl09cw56) and recovers the imprint (x6fR7890cv)
4. Imprint: Alice computes the imprint of the message she received (x6fR7890cv)
If equality then:
- Message comes from Bob
- Message has not been modified

3 Digital signature formats : PKCS#7, CMS, XAdES
History of digital signature formats
Influenced by structured data models
ASN.1 (Abstract Syntax Notation 1)
- Message and communication oriented
- Compact
- Binary data support
- Performance
- Abstruse
XML (eXtensible Markup Language)
- Applications oriented
- Verbose
- Binary data not supported -> requires Base64 encoding (x 4/3)
- High CPU and memory requirements
- Open, self-described

4 Digital signature formats : PKCS#7, CMS, XAdES
History of digital signature formats (continued)
[Timeline]
- ASN.1: 1990
- PKCS#7 (Public Key Cryptographic Standard): 1993
- XML: 1998
- XMLDSIG (XML Digital Signature): 2000
- CMS (Cryptographic Message Syntax): 2004
- XAdES (XML Advanced Electronic Signature): 2003
- CAdES (CMS Advanced Electronic Signature): 2005

5 Different types of signature
3 types of signatures = 3 types of proof
- Enveloping attached: signature contains signed content (through internal URI)
- Enveloping detached: signature references signed content (external URI reference)
- Enveloped: signature is included in the document it signs (internal URI which excludes itself)

6 Different types of signature
Pros and cons of different types of signatures
Enveloping attached
- Contains signature(s), content, timestamps, etc.
- Ease of verification and use
- Can sometimes be complex to manipulate if huge
Enveloping detached
- Only contains signature
- Difficult to verify because access to signed content is required: file system, database, network resources, etc.
- Allows the signature to be communicated independently of signed content
Enveloped
- Signature is inside content
- Only works with XML content or proprietary (PDF, Microsoft)
- Implementation is tied to data structure
- Adapted to internal applications, low interoperability

7 Digital signature properties
Properties are important to signature contextualization
Signed properties
- Date & time
- Signature production place
- Signature policy
- Etc.
Signed properties participate in digital signature computation
Unsigned properties
- Timestamp
- CRL, OCSP
Note: these properties are not signed by the signatory but are nevertheless signed!
Unsigned properties do not participate in digital signature computation and hence do not participate in the document's integrity.

8 Different types of signature
French banking commission
XAdES format as defined in RGI (French e-Administration interoperability framework)
- BES (SigningCertificate or KeyInfo mandatory)
- EPES (signature policy mandatory)
Enveloping attached signature required
Signature policy:
- Identifier: (OID)
- 1 file = 1 signature
- Canonicalisation algorithm de (because XBRL)
- Supported certificates, digital evidence agreement, etc.

9 Zoom on XAdES signature policy
<xad:SignaturePolicyIdentifier>
  <xad:SignaturePolicyId>
    <xad:SigPolicyId>
      <xad:Identifier Qualifier="OIDAsURN">urn:oid:[OID missing in transcript]</xad:Identifier>
    </xad:SigPolicyId>
    <xad:SigPolicyHash>
      <ds:DigestMethod Algorithm="[URI missing in transcript]"/>
      <ds:DigestValue>q+ahW33Qg36KEeKdQLs94R4zb1c=</ds:DigestValue>
    </xad:SigPolicyHash>
    <xad:SigPolicyQualifiers>
      <xad:SigPolicyQualifier>
        <xad:SPURI>[URI missing in transcript]</xad:SPURI>
      </xad:SigPolicyQualifier>
    </xad:SigPolicyQualifiers>
  </xad:SignaturePolicyId>
</xad:SignaturePolicyIdentifier>
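
A verifier of an EPES signature has to check that the policy document it holds is the one the signatory referenced, by recomputing SigPolicyHash. The sketch below is an added example, not part of the original presentation; it assumes the XAdES v1.3.2 namespace, a policy hashed over its raw bytes with no transforms, and a constructed placeholder OID and policy text.

```python
import base64, binascii, hashlib, hmac
import xml.etree.ElementTree as ET

XAD, DS = "http://uri.etsi.org/01903/v1.3.2#", "http://www.w3.org/2000/09/xmldsig#"
NS = {"xad": XAD, "ds": DS}
# Standard DigestMethod URIs mapped to hashlib names (a 20-byte value is SHA-1).
DIGESTS = {DS + "sha1": "sha1",
           "http://www.w3.org/2001/04/xmlenc#sha256": "sha256"}

def check_policy(identifier_xml, policy_bytes, accepted_oids):
    """Check a SignaturePolicyIdentifier against a locally held policy file.
    Returns (ok, reason)."""
    pid = ET.fromstring(identifier_xml).find("xad:SignaturePolicyId", NS)
    if pid is None:
        return False, "no SignaturePolicyId: not an EPES signature"
    oid = pid.findtext("xad:SigPolicyId/xad:Identifier", "", NS).strip()
    if oid not in accepted_oids:
        return False, "policy identifier not accepted: %r" % oid
    method = pid.find("xad:SigPolicyHash/ds:DigestMethod", NS)
    alg = DIGESTS.get(method.get("Algorithm", "")) if method is not None else None
    if alg is None:
        return False, "missing or unsupported DigestMethod"
    # Base64 in XML may be wrapped; remove whitespace before strict decoding.
    b64 = "".join(pid.findtext("xad:SigPolicyHash/ds:DigestValue", "", NS).split())
    try:
        claimed = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return False, "DigestValue is not valid Base64"
    actual = hashlib.new(alg, policy_bytes).digest()
    if not hmac.compare_digest(claimed, actual):
        return False, "policy document does not match SigPolicyHash"
    return True, "policy %s verified (%s)" % (oid, alg)

# Constructed sample data: the OID and the policy text are placeholders.
POLICY = b"Sample signature policy text (constructed for this example)\n"
OID = "urn:oid:1.2.3.4.5"
SAMPLE = """<xad:SignaturePolicyIdentifier xmlns:xad="%s" xmlns:ds="%s">
 <xad:SignaturePolicyId>
  <xad:SigPolicyId>
   <xad:Identifier Qualifier="OIDAsURN">%s</xad:Identifier>
  </xad:SigPolicyId>
  <xad:SigPolicyHash>
   <ds:DigestMethod Algorithm="%ssha1"/>
   <ds:DigestValue>%s</ds:DigestValue>
  </xad:SigPolicyHash>
 </xad:SignaturePolicyId>
</xad:SignaturePolicyIdentifier>""" % (
    XAD, DS, OID, DS, base64.b64encode(hashlib.sha1(POLICY).digest()).decode())

if __name__ == "__main__":
    print(check_policy(SAMPLE, POLICY, {OID}))
    print(check_policy(SAMPLE, POLICY + b"tampered", {OID}))
```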

10 Contact Francois Devoret Lex Persona +33 6 72 74 35 53