#SummitNow

Introducing CounterSign
Nathan McMinn
Technical Consultant - Alfresco

What are Digital Signatures?
“A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document”

3 Criteria for Digital Signatures
Authenticity:
- Guarantees that a signer is who they say they are
- Conveys intent: that the document was intentionally signed for the stated reason

3 Criteria for Digital Signatures
Non-repudiation:
- Ensures that a signer cannot claim that their key is secure while simultaneously claiming that they did not sign a document
- Requires hard-to-forge signing artifacts

3 Criteria for Digital Signatures
Integrity:
- Verification that a document or message has not been altered since it was signed

How do Digital Signatures Work?
1. Create a hash of the document
2. Sign the hash with a private key
3. (Optionally) embed the signed hash in the document
Digital signatures rely on asymmetric cryptography to allow signing and verification.

Signatures: Digital vs. Electronic
Digital Signatures – Cryptographic signatures
Electronic Signatures – A signature image, like a “wet ink” signature on a paper document

PDF vs. Everything Else
PDF documents have separate areas for storing content and signatures. This enables a PDF document to have multiple embedded signatures that do not alter the content, and thus, the hash of the content remains consistent across signings.

PDF vs. Everything Else, part 2
Any type of document can be signed, but the signature is (generally) a separate artifact.
With a combination of the document, the signature and the public key of the purported signer, the signature can be verified.

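The steps under "How do Digital Signatures Work?" and the detached-signature verification under "PDF vs. Everything Else, part 2", as an added Java example built on the JDK's java.security API. It is not CounterSign or Alfresco code; the class name, the throwaway RSA keys and the sample text are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class DetachedSignatureDemo {

    // Steps 1 and 2 from the slide: SHA256withRSA hashes the document and
    // signs that hash with the private key in a single operation.
    static byte[] sign(byte[] document, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(document);
        return s.sign();
    }

    // Verification needs only the document, the detached signature and the
    // purported signer's public key.
    static boolean verify(byte[] document, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(document);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed signature bytes count as a failed check
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(); // constructed throwaway key pair
        KeyPair other = gen.generateKeyPair();  // a different party's key pair

        byte[] doc = "Constructed sample contract, revision 1".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "Constructed sample contract, revision 2".getBytes(StandardCharsets.UTF_8);

        // The signature is kept as a separate artifact; the document is untouched.
        byte[] sig = sign(doc, signer.getPrivate());

        System.out.println("original document, signer's key: " + verify(doc, sig, signer.getPublic()));
        System.out.println("altered document, signer's key:  " + verify(altered, sig, signer.getPublic()));
        System.out.println("original document, other key:    " + verify(doc, sig, other.getPublic()));
    }
}
```

Only the first check passes: the altered document fails the integrity check, and the other party's key fails the authenticity check.
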
Project Origin and Direction

The Old Way
The Alfresco PDF toolkit can apply signatures, but the interface is not very user-friendly!

CounterSign Design Goals
1. Simple for non-technical users
2. Self-service (where possible)
3. Simple to administer
4. Self-contained - External PKI integration possible, but not required
5. Regulatory / Standards compliance

CounterSign Design Goals, API
1. Java Service API – currently sparse, but growing
2. JavaScript API
3. Signature provider interface for external PKI integration
4. Custom Actions for applying signatures, creating form fields and more

A Word on Standards
Current CounterSign release (1.0) cannot achieve CAdES / PAdES compliance for PDF documents due to a dependency in Alfresco. Working on it!

Demo

Roadmap
- 4.2 compatibility
- CAdES / PAdES compliance
- Regulatory targets (FDA, etc.)
- Refactor out iText and relicense
- Enhanced workflow, signing task enhancements

Required Reading
Bruno Lowagie’s whitepaper on PDF Signatures: pdf

Project and Contact Info
Nathan McMinn – Technical Consultant
nathanmcminn.com
CounterSign: