Electronic Signatures
What signature formats do you know?
ASN.1-based: PKCS#7, CMS. XML-based: XMLDSIG, XAdES. The format describes how the signature was created, the signature policy, etc.
What is an electronic signature? How is it related to digital signature schemes?
An "authentication" of an electronic document to "prove" who signed it and what they signed. An electronic signature is legally binding (and legally defined), whereas a digital signature is a technical term for a value computed over the data with the signer's private key.
How is long-term validity of electronic signatures achieved?
Archiving of signatures, i.e. re-time-stamping the signature at regular intervals
How are electronic signatures created?
The signatory reviews the document and gives it to the Signature Creation Application; the application hashes the document and sends the hash to a (Secure) Signature Creation Device; the device computes the signature and returns it to the application, which appends it to the document.
What does the concept of grace period mean?
The idea that a certificate revocation list (CRL) needs time to be updated, so we must allow some extra time for the CRL to be 100% accurate (and thus build that extra time into our verification process)
What is time stamping? Why do we need it?
Time stamping is the process of attaching a trusted time to a signature to establish when it was created. We need it to trust the document over its lifetime and to know from when the signature is valid
What is the procedure to verify an electronic signature?
Verify technical validity (cryptographic and certificate validity), then verify whether it is legally and organizationally acceptable (did the user have the right to sign, how secure is it, etc.)