Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Digital Signatures – A Global Challenge Joachim Lingner Software Engineer Sun Microsystems 1.

Published byAmice Heath Modified over 7 years ago

Similar presentations

Presentation on theme: "1 Digital Signatures – A Global Challenge Joachim Lingner Software Engineer Sun Microsystems 1."— Presentation transcript:

1 1 Digital Signatures – A Global Challenge Joachim Lingner Software Engineer Sun Microsystems 1

2 2 Content Actually not much Shortcomings of the current implementation Signature framework

3 3 XML Digital Signature in OOo Protects against Manipulation of the content ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3

4 4 XML Digital Signature in OOo (contd.) Allows adding data, but not changing content ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3 white space File Entry 4...

5 5 Alternative to XML DSig Signing the whole file, for example using CMS (Cryptographic Message Syntax) ZIP File Signatures.xml File Entry 1 File Entry 2 File Entry 3

6 6 Managing Certificates and Keys OOo uses different key stores (except on Windows). Selection of key stores is “incomprehensible” for users. > Using fixed order of products (Thunderbird, Firefox, etc.) > Only default profile can be used. Users may have different profiles. > Key store can be determined by an environment variable.

7 7 Managing Certificates and Keys (contd.) Users want a central place to manage all keys / certificates.

8 8 Maintaining the Code OOo uses an old version of 'XML Security Library', which cannot be updated easily. “Ancient” Mozilla libraries The implementation is difficult to understand / debug. The implementation makes use of XUnoTunnel. Therefore, UNO services cannot easily be exchanged.

9 9 Certificate Validation Validation results may differ on different platforms. > Windows and NSS API does not document exactly how validation is done. Certificate Revocation Lists (CRLs) are NOT required. Retrieval of CRLs limited (LDAP, etc.). Retrieval of intermediate certificates is not supported in old NSS library (via AIA extension).

10 10 What Are Signed Documents Good For The digital signature replaces a hand written signature in an electronic document. Broad acceptance will only be achieved, if > the signature conforms to legal regulations > the conformance is certified That's the “Global Challenge”.

11 11 Critical Issues for Germany No certification from Federal Network Agency for Electricity, Gas, Telecommunications, Postal Service and Railways (BNetzA). An expired certificate does not invalidate the signature necessarily. The user must be clear about what exactly is being signed. The dialog just refers to the 'content'.

12 12 Critical Issues for Germany (contnd.) Certificates must be used according to their purpose. OOo does not process the KeyUsage extension. SHA-1 is not regarded as secure for signing data. Documents need to be resigned before algorithms become weak. The revocation status of certificates must be checked.

13 13 Objectives for a Framework Extending OOo easily with new signature components (for example, for different countries) Fast and easy selection of the signing algorithm in the options dialog Replacing the current implementation

14 14 What Signatures Are There XML Digital Signature XML Advanced Electronic Signature (XAdES) CMS Advanced Electronic Signature (CAdES) other Signatures can be stored in different ways: > as file entries in the zip file (currently used) > as file entry in the zip file but signing the whole file > the signature file itself can contain the signed data

15 15 Selecting the Signature Type

16 16 Using Different Signature Types Adding a new signature may break an already existing signature. Different signatures may validate differently. For example, the file is signed with a CMS signature and then a XML signature is added to the file. Difficult user interface. Different validation results are difficult to convey to user. Therefore, only one signature type per document.

17 17 Menu Items Document and macro signatures entries

18 18 Menu Items (contd.) Other signature components may not support a separate macro signature, and need to “disable” the menu item. Or every signature component defines their own menu items

19 19 Menu Items (contnd.) New document: the menu items of the currently selected signature component are displayed. Loading a signed document: the menu items of the signature component that created the signature are displayed. Loading a document with an unknown signature: No signature related menu items are displayed. No additional signature can be added. Requires enhancements for handling of menus and tool bars.

20 20 Status Bar Signature components can provide their own icons and display them in the status bar. OOo can provide a set of standard icons. Requires a new public API.

21 21 Identifying the Signature Component Documents should contain a signature description for these reasons: OOo must recognize a signature even if the matching signature component is not installed. Then no other signature may be written. Only the right signature component produces the expected validation result. Only the right signature component can remove the signature properly. If there is no suitable signature component installed, then the user needs to be informed.

22 22 Unknown Signature Type ODF containing the signature and signature description

23 23 Unknown Signature Type (contd.) ODF file embedded in signature, no access to signature description

24 24 Problems solved? Easier to provide signature components which are adapted to local legal regulations. Easier for the user to chose a signature format. Other problems have been shifted to the developers of the signature components. > Writing, validation, key administration Maybe this framework is overkill and we should focus on one particular type of signature.

25 25 Joachim Lingner joachim.lingner@sun.com Further discussions on dev@openoffice.org

Download ppt "1 Digital Signatures – A Global Challenge Joachim Lingner Software Engineer Sun Microsystems 1."

Similar presentations

Tutorial 8: Developing an Excel Application

Tutorial 8: Developing an Excel Application
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 Shawlands Academy Higher Computing Software Development Unit.

1 Shawlands Academy Higher Computing Software Development Unit.
XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.

XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Data File Access API : Under the Hood Simon Horwith CTO Etrilogy Ltd.

Data File Access API : Under the Hood Simon Horwith CTO Etrilogy Ltd.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Why Java? A brief introduction to Java and its features Prepared by Mithat Konar.

Why Java? A brief introduction to Java and its features Prepared by Mithat Konar.
Certificate revocation list https://store.theartofservice.com/the-certificate-revocation-list-toolkit.html.

Certificate revocation list
SE: CHAPTER 7 Writing The Program

SE: CHAPTER 7 Writing The Program
Integrating security services with the automatic processing of e-mail content TERENA 2001 Antalya, 14-17 May 2001 Francesco Gennai, Marina Buzzi Istituto.

Integrating security services with the automatic processing of content TERENA 2001 Antalya, May 2001 Francesco Gennai, Marina Buzzi Istituto.
Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.

Troubleshooting Security Issues Lesson 6. Skills Matrix Technology SkillObjective Domain SkillDomain # Monitoring and Troubleshooting with Event Viewer.
The Software Development Process

The Software Development Process
PRIOR TO WEB SERVICES THE OTHER TECHNOLOGIES ARE:.

PRIOR TO WEB SERVICES THE OTHER TECHNOLOGIES ARE:.
The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.

The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.
Plug-in Architectures Presented by Truc Nguyen. What’s a plug-in? “a type of program that tightly integrates with a larger application to add a special.

Plug-in Architectures Presented by Truc Nguyen. What’s a plug-in? “a type of program that tightly integrates with a larger application to add a special.
Module 8 Implementing Security Using Group Policy.

Module 8 Implementing Security Using Group Policy.
Appliance Management StratusLab Tutorial (Orsay, France) 28 November 2012.

Appliance Management StratusLab Tutorial (Orsay, France) 28 November 2012.
(0333-4461420) 1 Chapter # 8 How Data is stored DATABASE.

( ) 1 Chapter # 8 How Data is stored DATABASE.
Presented by : Piero Milani ( InfoCamere - Italy)Piero Milani InfoCamere - Italy VCD Signature & VCD Verification strategy as seen by InfoCamere ( WP1.

Presented by : Piero Milani ( InfoCamere - Italy)Piero Milani InfoCamere - Italy VCD Signature & VCD Verification strategy as seen by InfoCamere ( WP1.

Similar presentations

Ads by Google