SlideShare a Scribd company logo

Digital Signatures Explained

Download as PPTX, PDF
iText Group nv
iText Group nv

This document summarizes how digital signatures are implemented in PDF documents. It discusses the need for integrity, authenticity and non-repudiation that digital signatures provide. It covers basic concepts like hashing, encryption and digital signatures. It then explains how these concepts are applied specifically to PDF, following standards like ISO 32000 and PAdES. It discusses server-side signing, client-side signing and deferred signing architectures. It also covers how digital signatures can be used in document workflows and long-term validation strategies like revocation, timestamps and document security stores.

Technology
1 of 46
© 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital Signatures: How It’s Done in PDF Zetes eaZySign event (Kasteel van Ruisbroek: April 2, 2015)
© 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Agenda • Why do we need digital signatures? • Basic concepts… • … applied to PDF • Architectures: server-side vs. client-side • Digital signatures and document workflow • Long term validation
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF3 Why do we need digital signatures? Integrity Authenticity Non-repudiation
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Integrity Digital signatures: How It's Done in PDF4 I paid a forged invoice and lost 30K€ !
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Authenticity Digital signatures: How It's Done in PDF5 Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Non-repudiation Digital signatures: How It's Done in PDF6 I didn’t do it!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Three goals Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow. Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else). Non-repudiation — we want assurance that the author can’t deny his authorship. Digital signatures: How It's Done in PDF7
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF8 Basic Concepts… Hashing algorithms Encryption algorithms Digital signatures
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Hashing Hashing algorithm a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. Available algorithms MD5: Ron Rivest (deprecated) SHA: SHA-1: NSA (phased out!) SHA-2: NSA / NIST SHA-3: Keccak (made in Belgium!) RIPEMD: KULeuven Digital signatures: How It's Done in PDF9
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Integrity check using hash Digital signatures: How It's Done in PDF10 Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Encryption Assymetric key algorithms Encryption Digital signing Digital signatures: How It's Done in PDF11
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Some name dropping Public Key Cryptography Standards PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) PKCS#7: Cryptographic Message Standard (CMS) PKCS#11: Cryptographic Token Interface PKCS#12: Personal Information Exchange Syntax Standard PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) Federal Information Processing Standards (FIPS) DSA: Digital Signature Algorithm (DSA) European Telecommunications Standards Institute (ETSI) CMS Advanced Electronic Signatures (CAdES) Digital signatures: How It's Done in PDF12
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1 + Concept 2 Producer Provides data as-is: [A] Provides hash of data, encrypted using private key: [B] Provides public key Consumer Creates hash from data [A]: hash1 Decrypts hash [B] using public key: hash2 If (hash1 == hash2) document OK! Digital signatures: How It's Done in PDF13
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Goals met? Integrity Hashes are identical Authenticity Identity is stored in public key A time-stamp can be added Non-repudiation If hash can be decrypted with public key, the document was signed with the corresponding private key Digital signatures: How It's Done in PDF14
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Differences between EU and US In the US, we make a distinction Electronic signatures don’t necessarily involve PKI Digital signatures when a PKI infrastructure is involved In Europe, we speak of electronic signatures As a synonym for digital signatures All laws and regulations take this wording There’s no sharp distinction between electronic and digital signatures (which leads to confusion) I always speak of digital signatures Digital signatures: How It's Done in PDF15
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF16 … Applied to PDF ISO 32000-1 ETSI TS 102 778 (PAdES) ISO 32000-2
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Standards ISO ISO-32000-1 (2008) based on PDF 1.7 (2006) ISO-32000-2 will define PDF 2.0 (2016) ETSI: TS 102 778 (2009 - 2010) PAdES 1: Overview PAdES 2: Basic – CMS based (ISO-32000-1) PAdES 3: Enhanced – CAdES based (ISO-32000-2) PAdES 4: LTV – Long Term Validation PAdES 5: XAdES based (XML content) PAdES 6: Visual representation guidelines ETSI: TS 103 172 (2011 - 2013) PAdES Baseline Profile Digital signatures: How It's Done in PDF17
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Signatures in PDF There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) The digital signature isn’t part of the ByteRange. The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*) Digital signatures: How It's Done in PDF18
© 2015, iText Group NV, iText Software Corp., iText Software BVBA What’s inside a signature? Digital signatures: How It's Done in PDF19 ISO-32000: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): • Full certificate chain • Revocation information (CRL / OCSP) • Timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate chain • Revocation information • Timestamp
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF20 Architectures Server-side signing Client-side signing Deferred signing
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Server-side signing Digital signatures: How It's Done in PDF21 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application DeviceSERVER
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases server-side signing Company signature Invoices Contracts … Signing services in the Cloud Docusign Echosign … Security management responsibilities! Digital signatures: How It's Done in PDF22
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Client-side signing Digital signatures: How It's Done in PDF23 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest ApplicationDevice CLIENT
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases client-side signing Desktop applications Adobe Acrobat Pro Adobe Reaer (for Reader-enabled documents) Home-made, e.g. using iText In a web context The PDF software runs on the client, e.g. using Java Web Start Access to the token or smart card through MSCAPI PKCS#11 Custom smart card library Security User has smart card and PIN or USB token and passphrase Digital signatures: How It's Done in PDF24
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Deferred signing Digital signatures: How It's Done in PDF25 Signed Message Digest AppDevice CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases deferred signing Signing on an iPad/Tablet App on the device has a low footprint Easy to integrate into a document management system Disadvantage You need to trust the server that the hash you receive is actually the hash of the document you want to sign Common Criteria A framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Digital signatures: How It's Done in PDF26
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF27 Digital signatures and workflow Author signatures Recipient signatures Locking fields / documents
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Serial signatures 28 %PDF-1.x % Original document % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures. Digital signatures: How It's Done in PDF
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: types Certification (aka author) signature Only possible for the first revision Involves modification detection permissions: No changes allowed Form filling and signing allowed Form filling, signing and commenting allowed Approval (aka recipient) signature Workflow with subsequent signers New in PDF 2.0: modification detection permissions Digital signatures: How It's Done in PDF29
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Other possible icons Signer’s identity is unknown Document has been altered or corrupted Digital signatures: How It's Done in PDF30
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certified by Alice Digital signatures: How It's Done in PDF31
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Bob Digital signatures: How It's Done in PDF32
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Bob’s signature invalidated by Chuck Digital signatures: How It's Done in PDF33
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Carol Digital signatures: How It's Done in PDF34
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Dave Digital signatures: How It's Done in PDF35
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Signature and lock broken by Chuck Digital signatures: How It's Done in PDF36
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF37 Long-term validation Revocation Timestamps LTV
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates expire Digital signatures: How It's Done in PDF38 Expiration date 2013 2014 2015
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates get revoked Digital signatures: How It's Done in PDF39 Expiration dateRevocation date 2013 2014 2015
© 2015, iText Group NV, iText Software Corp., iText Software BVBA How to survive revocation / expiration? Digital signatures: How It's Done in PDF40 Expiration dateRevocation date
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Timestamps Digital signatures: How It's Done in PDF41
© 2015, iText Group NV, iText Software Corp., iText Software BVBA What to do when: There’s no CRL/OCSP/TS in the document? The certificate is about to expire in one of your documents? The hashing/encryption algorithm is about to be deprecated? Digital signatures: How It's Done in PDF42
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Document Security Store (DSS) Digital signatures: How It's Done in PDF43 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Document-level timestamp Digital signatures: How It's Done in PDF44 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF45 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF46 Questions? itextpdf.com SG: sales.isa@itextpdf.com +65 31 58 39 47 BE: sales.isb@itextpdf.com +32 92 98 02 31 US: sales.isc@itextpdf.com +1 617 982 646

Recommended

Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,ShivangiSingh241
 
Image Steganography using MATLAB
Image Steganography using MATLABImage Steganography using MATLAB
Image Steganography using MATLABVijayMaheshwari12
 
Cryptography
CryptographyCryptography
CryptographyDeepak Kumar
 
Substitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSubstitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSunil Meena
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
House Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiHouse Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
 
Hash mac algorithms
Hash mac algorithmsHash mac algorithms
Hash mac algorithmsTony Nguyen
 

Recommended

Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityHuda Seyam
 
CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,CYBER SECURITY : DIGITAL SIGNATURE,
CYBER SECURITY : DIGITAL SIGNATURE,ShivangiSingh241
 
Image Steganography using MATLAB
Image Steganography using MATLABImage Steganography using MATLAB
Image Steganography using MATLABVijayMaheshwari12
 
Cryptography
CryptographyCryptography
CryptographyDeepak Kumar
 
Substitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSubstitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSunil Meena
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Saravanan T.M
 
House Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiHouse Temperature Monitoring using AWS IoT And Raspberry Pi
House Temperature Monitoring using AWS IoT And Raspberry PiRoberto Falconi
 
Hash mac algorithms
Hash mac algorithmsHash mac algorithms
Hash mac algorithmsTony Nguyen
 
Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
SL1SL3 MixMode Feature
SL1SL3 MixMode FeatureSL1SL3 MixMode Feature
SL1SL3 MixMode FeatureNXP MIFARE Team
 
Speech Dubbing Software
Speech Dubbing SoftwareSpeech Dubbing Software
Speech Dubbing SoftwarePushkarKumar8856
 
IPTV Security
IPTV SecurityIPTV Security
IPTV SecurityM.Syarifudin, ST, OSCP, OSWP
 
Iptv.Ppt
Iptv.PptIptv.Ppt
Iptv.Pptuzukhan
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief IntroductionGanesh Kothe
 
Near field communication(NFC)
Near field communication(NFC)Near field communication(NFC)
Near field communication(NFC)divyakalra200
 
Audio Cryptography System
Audio Cryptography SystemAudio Cryptography System
Audio Cryptography SystemRaju Raj
 
BLUETOOTH _TECHNOLOGY
BLUETOOTH _TECHNOLOGYBLUETOOTH _TECHNOLOGY
BLUETOOTH _TECHNOLOGYJigyanshu Jangid
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL? Shehzad Imran
 
Technical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum WorldTechnical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum WorldSiri Murthy
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Challenges and application of Internet of Things
Challenges and application of Internet of ThingsChallenges and application of Internet of Things
Challenges and application of Internet of ThingsAshutosh Bhardwaj
 
IoT Fundamentals.pdf
IoT Fundamentals.pdfIoT Fundamentals.pdf
IoT Fundamentals.pdfVishnumayaN1
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS HandshakeArpit Agarwal
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFiText Group nv
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneBruno Lowagie
 

More Related Content

What's hot

Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentationdegarden
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
Iptv.Ppt
Iptv.PptIptv.Ppt
Iptv.Pptuzukhan
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief IntroductionGanesh Kothe
 
Near field communication(NFC)
Near field communication(NFC)Near field communication(NFC)
Near field communication(NFC)divyakalra200
 
Audio Cryptography System
Audio Cryptography SystemAudio Cryptography System
Audio Cryptography SystemRaju Raj
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 
Technical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum WorldTechnical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum WorldSiri Murthy
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solutionPradeep Jeswani
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Challenges and application of Internet of Things
Challenges and application of Internet of ThingsChallenges and application of Internet of Things
Challenges and application of Internet of ThingsAshutosh Bhardwaj
 
IoT Fundamentals.pdf
IoT Fundamentals.pdfIoT Fundamentals.pdf
IoT Fundamentals.pdfVishnumayaN1
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoTFIDO Alliance
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 

What's hot (20)

Stream ciphers presentation
Stream ciphers presentationStream ciphers presentation
Stream ciphers presentation
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
 
SL1SL3 MixMode Feature
SL1SL3 MixMode FeatureSL1SL3 MixMode Feature
SL1SL3 MixMode Feature
 
Speech Dubbing Software
Speech Dubbing SoftwareSpeech Dubbing Software
Speech Dubbing Software
 
IPTV Security
IPTV SecurityIPTV Security
IPTV Security
 
Iptv.Ppt
Iptv.PptIptv.Ppt
Iptv.Ppt
 
Digital signature Brief Introduction
Digital signature Brief IntroductionDigital signature Brief Introduction
Digital signature Brief Introduction
 
Near field communication(NFC)
Near field communication(NFC)Near field communication(NFC)
Near field communication(NFC)
 
Audio Cryptography System
Audio Cryptography SystemAudio Cryptography System
Audio Cryptography System
 
BLUETOOTH _TECHNOLOGY
BLUETOOTH _TECHNOLOGYBLUETOOTH _TECHNOLOGY
BLUETOOTH _TECHNOLOGY
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and Authenticity
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
Technical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum WorldTechnical Seminar on Securing the IoT in the Quantum World
Technical Seminar on Securing the IoT in the Quantum World
 
Iot security and Authentication solution
Iot security and Authentication solutionIot security and Authentication solution
Iot security and Authentication solution
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 Certificates
 
Challenges and application of Internet of Things
Challenges and application of Internet of ThingsChallenges and application of Internet of Things
Challenges and application of Internet of Things
 
IoT Fundamentals.pdf
IoT Fundamentals.pdfIoT Fundamentals.pdf
IoT Fundamentals.pdf
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 

Similar to Digital Signatures Explained

ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFiText Group nv
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneBruno Lowagie
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyiText Group nv
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?XeniT Solutions nv
 
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance SummaryJason Koenigsberg,MBA
 
Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Noemi Haag
 
IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)Dania Rashid
 
Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Hans-Chr. Brockmann
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]Robert Grawet
 
Serial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwareSerial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwaretopomax
 
Easy Invoice Solution Package
Easy Invoice Solution PackageEasy Invoice Solution Package
Easy Invoice Solution Packagehromzykowski
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustZeev Shetach
 
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseWSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseProfesia Srl, Lynx Group
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Innova Advanced Consulting
 

Similar to Digital Signatures Explained (20)

ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's done
 
ECM & Digital Signature
ECM & Digital SignatureECM & Digital Signature
ECM & Digital Signature
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
Voip security
Voip securityVoip security
Voip security
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?
 
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
 
Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015
 
IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)
 
Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]
 
Embed trust in your software & data
Embed trust in your software & dataEmbed trust in your software & data
Embed trust in your software & data
 
Serial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwareSerial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge software
 
Digital signatur
Digital signaturDigital signatur
Digital signatur
 
Easy Invoice Solution Package
Easy Invoice Solution PackageEasy Invoice Solution Package
Easy Invoice Solution Package
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseWSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...
 

More from iText Group nv

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPRiText Group nv
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photoboothiText Group nv
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentationiText Group nv
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitiText Group nv
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensingiText Group nv
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projectsiText Group nv
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7iText Group nv
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hareiText Group nv
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegaliText Group nv
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!iText Group nv
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Group nv
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Group nv
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Group nv
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms ArchitectureiText Group nv
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!iText Group nv
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadiText Group nv
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsiText Group nv
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...iText Group nv
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standardsiText Group nv
 

More from iText Group nv (20)

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
 

Recently uploaded

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Recently uploaded (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

Digital Signatures Explained

  • 1. © 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital Signatures: How It’s Done in PDF Zetes eaZySign event (Kasteel van Ruisbroek: April 2, 2015)
  • 2. © 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Agenda • Why do we need digital signatures? • Basic concepts… • … applied to PDF • Architectures: server-side vs. client-side • Digital signatures and document workflow • Long term validation
  • 3. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF3 Why do we need digital signatures? Integrity Authenticity Non-repudiation
  • 4. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Integrity Digital signatures: How It's Done in PDF4 I paid a forged invoice and lost 30K€ !
  • 5. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Authenticity Digital signatures: How It's Done in PDF5 Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
  • 6. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Non-repudiation Digital signatures: How It's Done in PDF6 I didn’t do it!
  • 7. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Three goals Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow. Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else). Non-repudiation — we want assurance that the author can’t deny his authorship. Digital signatures: How It's Done in PDF7
  • 8. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF8 Basic Concepts… Hashing algorithms Encryption algorithms Digital signatures
  • 9. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Hashing Hashing algorithm a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. Available algorithms MD5: Ron Rivest (deprecated) SHA: SHA-1: NSA (phased out!) SHA-2: NSA / NIST SHA-3: Keccak (made in Belgium!) RIPEMD: KULeuven Digital signatures: How It's Done in PDF9
  • 10. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Integrity check using hash Digital signatures: How It's Done in PDF10 Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
  • 11. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Encryption Assymetric key algorithms Encryption Digital signing Digital signatures: How It's Done in PDF11
  • 12. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Some name dropping Public Key Cryptography Standards PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) PKCS#7: Cryptographic Message Standard (CMS) PKCS#11: Cryptographic Token Interface PKCS#12: Personal Information Exchange Syntax Standard PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) Federal Information Processing Standards (FIPS) DSA: Digital Signature Algorithm (DSA) European Telecommunications Standards Institute (ETSI) CMS Advanced Electronic Signatures (CAdES) Digital signatures: How It's Done in PDF12
  • 13. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1 + Concept 2 Producer Provides data as-is: [A] Provides hash of data, encrypted using private key: [B] Provides public key Consumer Creates hash from data [A]: hash1 Decrypts hash [B] using public key: hash2 If (hash1 == hash2) document OK! Digital signatures: How It's Done in PDF13
  • 14. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Goals met? Integrity Hashes are identical Authenticity Identity is stored in public key A time-stamp can be added Non-repudiation If hash can be decrypted with public key, the document was signed with the corresponding private key Digital signatures: How It's Done in PDF14
  • 15. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Differences between EU and US In the US, we make a distinction Electronic signatures don’t necessarily involve PKI Digital signatures when a PKI infrastructure is involved In Europe, we speak of electronic signatures As a synonym for digital signatures All laws and regulations take this wording There’s no sharp distinction between electronic and digital signatures (which leads to confusion) I always speak of digital signatures Digital signatures: How It's Done in PDF15
  • 16. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF16 … Applied to PDF ISO 32000-1 ETSI TS 102 778 (PAdES) ISO 32000-2
  • 17. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Standards ISO ISO-32000-1 (2008) based on PDF 1.7 (2006) ISO-32000-2 will define PDF 2.0 (2016) ETSI: TS 102 778 (2009 - 2010) PAdES 1: Overview PAdES 2: Basic – CMS based (ISO-32000-1) PAdES 3: Enhanced – CAdES based (ISO-32000-2) PAdES 4: LTV – Long Term Validation PAdES 5: XAdES based (XML content) PAdES 6: Visual representation guidelines ETSI: TS 103 172 (2011 - 2013) PAdES Baseline Profile Digital signatures: How It's Done in PDF17
  • 18. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Signatures in PDF There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) The digital signature isn’t part of the ByteRange. The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*) Digital signatures: How It's Done in PDF18
  • 19. © 2015, iText Group NV, iText Software Corp., iText Software BVBA What’s inside a signature? Digital signatures: How It's Done in PDF19 ISO-32000: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): • Full certificate chain • Revocation information (CRL / OCSP) • Timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate chain • Revocation information • Timestamp
  • 20. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF20 Architectures Server-side signing Client-side signing Deferred signing
  • 21. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Server-side signing Digital signatures: How It's Done in PDF21 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application DeviceSERVER
  • 22. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases server-side signing Company signature Invoices Contracts … Signing services in the Cloud Docusign Echosign … Security management responsibilities! Digital signatures: How It's Done in PDF22
  • 23. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Client-side signing Digital signatures: How It's Done in PDF23 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest ApplicationDevice CLIENT
  • 24. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases client-side signing Desktop applications Adobe Acrobat Pro Adobe Reaer (for Reader-enabled documents) Home-made, e.g. using iText In a web context The PDF software runs on the client, e.g. using Java Web Start Access to the token or smart card through MSCAPI PKCS#11 Custom smart card library Security User has smart card and PIN or USB token and passphrase Digital signatures: How It's Done in PDF24
  • 25. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Deferred signing Digital signatures: How It's Done in PDF25 Signed Message Digest AppDevice CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
  • 26. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases deferred signing Signing on an iPad/Tablet App on the device has a low footprint Easy to integrate into a document management system Disadvantage You need to trust the server that the hash you receive is actually the hash of the document you want to sign Common Criteria A framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Digital signatures: How It's Done in PDF26
  • 27. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF27 Digital signatures and workflow Author signatures Recipient signatures Locking fields / documents
  • 28. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Serial signatures 28 %PDF-1.x % Original document % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures. Digital signatures: How It's Done in PDF
  • 29. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: types Certification (aka author) signature Only possible for the first revision Involves modification detection permissions: No changes allowed Form filling and signing allowed Form filling, signing and commenting allowed Approval (aka recipient) signature Workflow with subsequent signers New in PDF 2.0: modification detection permissions Digital signatures: How It's Done in PDF29
  • 30. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Other possible icons Signer’s identity is unknown Document has been altered or corrupted Digital signatures: How It's Done in PDF30
  • 31. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certified by Alice Digital signatures: How It's Done in PDF31
  • 32. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Bob Digital signatures: How It's Done in PDF32
  • 33. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Bob’s signature invalidated by Chuck Digital signatures: How It's Done in PDF33
  • 34. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Carol Digital signatures: How It's Done in PDF34
  • 35. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Dave Digital signatures: How It's Done in PDF35
  • 36. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Signature and lock broken by Chuck Digital signatures: How It's Done in PDF36
  • 37. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF37 Long-term validation Revocation Timestamps LTV
  • 38. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates expire Digital signatures: How It's Done in PDF38 Expiration date 2013 2014 2015
  • 39. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates get revoked Digital signatures: How It's Done in PDF39 Expiration dateRevocation date 2013 2014 2015
  • 40. © 2015, iText Group NV, iText Software Corp., iText Software BVBA How to survive revocation / expiration? Digital signatures: How It's Done in PDF40 Expiration dateRevocation date
  • 41. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Timestamps Digital signatures: How It's Done in PDF41
  • 42. © 2015, iText Group NV, iText Software Corp., iText Software BVBA What to do when: There’s no CRL/OCSP/TS in the document? The certificate is about to expire in one of your documents? The hashing/encryption algorithm is about to be deprecated? Digital signatures: How It's Done in PDF42
  • 43. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Document Security Store (DSS) Digital signatures: How It's Done in PDF43 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 44. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Document-level timestamp Digital signatures: How It's Done in PDF44 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 45. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF45 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 46. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF46 Questions? itextpdf.com SG: sales.isa@itextpdf.com +65 31 58 39 47 BE: sales.isb@itextpdf.com +32 92 98 02 31 US: sales.isc@itextpdf.com +1 617 982 646