1 Digital Signatures – A Global Challenge Joachim Lingner Software Engineer Sun Microsystems 1

2 Content Actually not much Shortcomings of the current implementation Signature framework

3 XML Digital Signature in OOo Protects against Manipulation of the content ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3

4 XML Digital Signature in OOo (contd.) Allows adding data, but not changing content ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3 white space File Entry 4...

5 Alternative to XML DSig Signing the whole file, for example using CMS (Cryptographic Message Syntax) ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3

6 Managing Certificates and Keys OOo uses different key stores (except on Windows). Selection of key stores is “incomprehensible” for users. > Using fixed order of products (Thunderbird, Firefox, etc.) > Only default profile can be used. Users may have different profiles. > Key store can be determined by an environment variable.

7 Managing Certificates and Keys (contd.) Users want a central place to manage all keys / certificates.

8 Maintaining the Code OOo uses an old version of 'XML Security Library', which cannot be updated easily. “Ancient” Mozilla libraries The implementation is difficult to understand / debug. The implementation makes use of XUnoTunnel. Therefore, UNO services cannot easily be exchanged.

9 Certificate Validation Validation results may differ on different platforms. > Windows and NSS API does not document exactly how validation is done. Certificate Revocation Lists (CRLs) are NOT required. Retrieval of CRLs limited (LDAP, etc.). Retrieval of intermediate certificates is not supported in old NSS library (via AIA extension).

10 What Are Signed Documents Good For The digital signature replaces a hand written signature in an electronic document. Broad acceptance will only be achieved, if > the signature conforms to legal regulations > the conformance is certified That's the “Global Challenge”.

11 Critical Issues for Germany No certification from Federal Network Agency for Electricity, Gas, Telecommunications, Postal Service and Railways (BNetzA). An expired certificate does not invalidate the signature necessarily. The user must be clear about what exactly is being signed. The dialog just refers to the 'content'.

12 Critical Issues for Germany (contnd.) Certificates must be used according to their purpose. OOo does not process the KeyUsage extension. SHA-1 is not regarded as secure for signing data. Documents need to be resigned before algorithms become weak. The revocation status of certificates must be checked.

13 Objectives for a Framework Extending OOo easily with new signature components (for example, for different countries) Fast and easy selection of the signing algorithm in the options dialog Replacing the current implementation

14 What Signatures Are There XML Digital Signature XML Advanced Electronic Signature (XAdES) CMS Advanced Electronic Signature (CAdES) other Signatures can be stored in different ways: > as file entries in the zip file (currently used) > as file entry in the zip file but signing the whole file > the signature file itself can contain the signed data

15 Selecting the Signature Type

16 Using Different Signature Types Adding a new signature may break an already existing signature. Different signatures may validate differently. For example, the file is signed with a CMS signature and then a XML signature is added to the file. Difficult user interface. Different validation results are difficult to convey to user. Therefore, only one signature type per document.

17 Menu Items Document and macro signatures entries

18 Menu Items (contd.) Other signature components may not support a separate macro signature, and need to “disable” the menu item. Or every signature component defines their own menu items

19 Menu Items (contnd.) New document: the menu items of the currently selected signature component are displayed. Loading a signed document: the menu items of the signature component that created the signature are displayed. Loading a document with an unknown signature: No signature related menu items are displayed. No additional signature can be added. Requires enhancements for handling of menus and tool bars.

20 Status Bar Signature components can provide their own icons and display them in the status bar. OOo can provide a set of standard icons. Requires a new public API.

21 Identifying the Signature Component Documents should contain a signature description for these reasons: OOo must recognize a signature even if the matching signature component is not installed. Then no other signature may be written. Only the right signature component produces the expected validation result. Only the right signature component can remove the signature properly. If there is no suitable signature component installed, then the user needs to be informed.

22 Unknown Signature Type ODF containing the signature and signature description

23 Unknown Signature Type (contd.) ODF file embedded in signature, no access to signature description

24 Problems solved? Easier to provide signature components which are adapted to local legal regulations. Easier for the user to chose a signature format. Other problems have been shifted to the developers of the signature components. > Writing, validation, key administration Maybe this framework is overkill and we should focus on one particular type of signature.

25 Joachim Lingner Further discussions on