10 – 12 APRIL 2005 Riyadh, Saudi Arabia. E-Signature Laws and Development Details. Murat Lostar, Information Security Consultant.



Why this subject? Why in this conference?
- Forecasts are for B2B spending in the US alone to reach $6.3 trillion by the end of 2005
- This represents a 20-fold increase from B2B spending in 2000
- Traditional paper and ink matters are now being advanced to electronic means… but
- Security concerns are a key barrier to further growth in B2B commerce
- Market needs lots of compliant e-commerce software…

US

ESIGN Act to the Rescue
- Formally known as: The Electronic Signatures in Global and National Commerce Act
- Passed by the US Senate as S. 761
- Signed into law and effective October 1, 2000
- Also known as the “digital signatures act”

ESIGN Act 101
- One of the few federal laws governing the business of insurance
- Allows insurance firms to develop a national electronic signature strategy
- Permits delivering documents exclusively through electronic means
- Permits companies to satisfy statutory record retention and retrieval requirements through electronic means

ESIGN Statutory Language
Section 101(a) – General Rule of Validity
(1) “a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
(2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.”

ESIGN Statutory Language
However, an electronic record may be denied legal effect, validity or enforceability if it is not in a form capable of being retained and accurately reproduced by all persons (if any) who are entitled to retain it.

Electronic vs. Digital Signatures
- Electronic Signature:
  - Describes the full range of electronic means to confirm the sender of the message
  - Ranging from a graphical image of the sender’s handwritten signature (simple but unreliable) to biometric techniques such as iris scans (complex but reliable)
- Digital Signature:
  - A special form of encryption invented in the 1970s using two different keys
  - One which is kept secret to the user (the private key) and the other which is made publicly available (the public key)
  - Once a message is encrypted using one key, it can only be decrypted by use of the other key.
  - Also referred to as “Public Key Infrastructure” (PKI technology)

“Record”
“…information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.”

Record Retention
Statutory provisions are satisfied by retaining electronic records that are:
- Accurate
- Accessible to persons entitled to access them
- Capable of accurate reproduction for later reference
- Communicated by transmission, printing, or otherwise
Exception: information whose sole purpose is to enable the contract or other record to be sent, communicated or received

ESIGN & UETA Definitions of Electronic Signatures
- E-Sign: “…an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
- UETA (Uniform Electronic Transactions Act): “…information or data in electronic form, attached to or logically associated with an electronic record, and executed or adopted by a person or an electronic agent of a person, with the intent to sign a contract, agreement or record.”

UETA
- Neither discriminates against nor mandates use of e-signatures and e-records
- Permits e-notaries and e-acknowledgements
- Enables electronic records retention
- Extends beyond ESIGN by:
  - Attribution of e-signatures or records
  - Changes or errors in e-records during transmission
  - Non-discrimination against admissibility into evidence
  - Time and place of sending and receipt of e-records

ESIGN & UETA Differences
ESIGN does not contain UETA provisions on:
- Attribution of electronic signatures
- The time when messages are deemed sent or received
- Mistakes in electronic contracting
- Admissibility of electronic records as evidence
- Electronic documents of title or promissory notes not secured by real property, and
- The manner in which paper processes will be converted to electronic by state governments

Legislative History
Core provisions of ESIGN & UETA are drawn from the 1996 United Nations Commission on International Trade Law (“UNCITRAL”) Model Law on Electronic Commerce

Challenges
- Governments rely on encryption technology to preclude undesirables and their illegal activities from being detected
- Business needs to ensure security when transmitting sensitive data over open networks and is being pressured to move more business into an electronic form
- Where is a contract entered into?
- The unresolved tension of technology advances vs. bureaucracy

Preemption of State Law
- The ESIGN Act will preempt any existing state law that seeks to deny effect to electronic signatures solely because they are electronic except as allowed by the Act itself.
- Where enacted without material changes, UETA is not preempted by ESIGN

What ESIGN Does Not Control
- Wills and trusts
- Family law matters
- Much of the Uniform Commercial Code
- Court orders, notices & official court documents
- Other essential notices such as for utility services, health insurance & product recalls

EU

Status of E-Signature Law in Europe
EU Directive provides “advanced electronic signatures” will be treated as handwritten signatures if they are:
- Backed by a qualified certificate;
- Provided by a certification service provider; and
- Created by a secure-signature-creation-device

EU Digital Signature
- Each EU state will have its own law
- It will be based on “EU Directive”
- Advanced Digital Signature is required (i.e. PKI based on X509v3 certificates)
- Most countries require high level security assurance (e.g. ISO EAL4+)
- What is EAL4+ (Evaluation Assurance Level)?

Cryptographic Programming with .NET

Namespace
The System.Security.Cryptography namespace is used to work with the cryptographic classes.

System.Security.Cryptography namespace
- The namespace contains the basic cryptographic classes.
- Some of them are wrappers for the Microsoft Crypto API; the others implement the algorithms in managed code.
- When a new instance of an encryption class is created, the keys are generated automatically.
- For public key cryptography, all the classes inherit from the AsymmetricAlgorithm class.

System.Security.Cryptography namespace
The cryptographic class library of the Microsoft .NET Framework is designed for maximum flexibility in implementing new algorithms by means of inheritance. The hierarchy of classes that implement the different cryptographic algorithms comprises three levels:
- The type of the algorithm (first-level classes).
- The class of the algorithm (second-level classes). These classes inherit from the first-level classes.
- The third-level classes, which implement the algorithms proper. They inherit from the second-level classes.

System.Security.Cryptography namespace
Following this scheme, adding a new public-key algorithm requires an abstract class derived from the AsymmetricAlgorithm class (e.g. an ElGamal class). Adding a new implementation of an algorithm requires a class derived from the corresponding abstract class that represents the algorithm (e.g. an RSAMyImplementation class).

    AsymmetricAlgorithm
        RSA
            RSACryptoServiceProvider
            RSAMyImplementation
        ElGamal
            ElGamalManaged

RSACryptoServiceProvider class
This class can be used both for encrypting data and for digital signing. To sign data, it is enough to create an instance of the class, set the key pair and call the signing methods.

RSACryptoServiceProvider class
When creating an instance of the class, some parameters can be specified by means of CspParameters. One example is the name of the key pair container.

    CspParameters cspParams = new CspParameters();
    cspParams.KeyContainerName = "TheKeyPairContainerName";
    RSACryptoServiceProvider cspRSA = new RSACryptoServiceProvider(cspParams);

RSACryptoServiceProvider class
If the container is empty, a new key pair is generated when the object is created. The container stores the key pair until the application deletes it. The PersistKeyInCsp property controls whether the key is kept in the provider.

    // Delete the key from the CSP
    cspRSA.PersistKeyInCsp = false;
    // Clear all resources of the RSA CSP
    cspRSA.Clear();

RSACryptoServiceProvider class
Generating the digital signature. To generate the digital signature, the SignHash or the SignData method can be used. The SignHash method signs a hash of the data. The SignData method calculates the hash value and signs it.

    // Sign a hash that has already been computed
    byte[] bSign = cspRSA.SignHash(bHash, CryptoConfig.MapNameToOID("SHA1"));
    // OR (alternative to the line above): hash the data and sign it in one call
    byte[] bSign = cspRSA.SignData(bData, new SHA1Managed());

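RSACryptoServiceProvider class
Digital signature verification. To verify the digital signature, the VerifyHash and VerifyData methods are used. If the signature is valid, the method returns true.

    // Verify a signature over a hash that has already been computed
    bool valid = cspRSA.VerifyHash(bHash, CryptoConfig.MapNameToOID("SHA1"), bSignedHash);
    // OR (alternative to the line above): hash the data and verify in one call
    bool valid = cspRSA.VerifyData(bData, new SHA1Managed(), bSignedData);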

RSACryptoServiceProvider class
Export and import of the keys. In this class the keys are held in an RSAParameters structure. The ExportParameters and ImportParameters methods are used to export and import the keys, respectively. When exporting, the caller specifies whether the secret key of the key pair is exported as well or the public key only.

    // false = export the public key only; true also exports the secret key
    RSAParameters RsaParams = cspRSA.ExportParameters(false);
    cspRSA.ImportParameters(RsaParams);
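The signing, verification and public-key export calls from the RSACryptoServiceProvider slides above, combined into one round trip with a separate verifier that only ever sees the public key. This is an added example, not code from the presentation; it assumes .NET Framework 4.6 or later and uses SHA-256 rather than the SHA-1 shown on the slides, because SHA-1 is no longer considered collision resistant. The class name SignVerifyDemo and the sample record are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignVerifyDemo   // hypothetical name, not from the slides
{
    // Signer side: owns the private key. Returns the signature and hands back
    // only the public half of the key pair for distribution to verifiers.
    static byte[] Sign(byte[] data, out RSAParameters publicKey)
    {
        using (var signer = new RSACryptoServiceProvider(2048))
        {
            // Demo key only: make sure it is not left behind in a CSP container.
            signer.PersistKeyInCsp = false;
            publicKey = signer.ExportParameters(false);   // false = no private key
            // PKCS #1 v1.5 signature over the SHA-256 hash of the data.
            return signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    // Verifier side: imports the public key and checks the signature.
    static bool Verify(byte[] data, byte[] signature, RSAParameters publicKey)
    {
        using (var verifier = new RSACryptoServiceProvider())
        {
            verifier.ImportParameters(publicKey);
            return verifier.VerifyData(data, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed sample record, not taken from the slides.
        byte[] record = Encoding.UTF8.GetBytes("Order 1001: 25 units, net 30 days");
        RSAParameters publicKey;
        byte[] signature = Sign(record, out publicKey);

        Console.WriteLine("original verifies: " + Verify(record, signature, publicKey));

        // A change to the signed bytes must make verification fail.
        byte[] altered = Encoding.UTF8.GetBytes("Order 1001: 95 units, net 30 days");
        Console.WriteLine("altered verifies:  " + Verify(altered, signature, publicKey));

        // The structure exported with 'false' carries no private exponent.
        Console.WriteLine("private exponent exported: " + (publicKey.D != null));
    }
}
```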

Classes for forming and verifying the digital signature
The formatter classes create a digital signature in PKCS #1 v1.5 format. The deformatter classes verify a digital signature over data in PKCS #1 v1.5 format.

    AsymmetricSignatureFormatter
        DSASignatureFormatter
        RSAPKCS1SignatureFormatter
    AsymmetricSignatureDeformatter
        DSASignatureDeformatter
        RSAPKCS1SignatureDeformatter

RSAPKCS1SignatureFormatter and RSAPKCS1SignatureDeformatter classes

    // Create the signature over an already computed hash (private key is used)
    RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(RSA);
    RSAFormatter.SetHashAlgorithm("SHA1");
    byte[] SignedHash = RSAFormatter.CreateSignature(Hash);

    // Verify the signature over the same hash (public key is used)
    RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(RSA);
    RSADeformatter.SetHashAlgorithm("SHA1");
    if (RSADeformatter.VerifySignature(Hash, SignedHash))
    {
        // Signature valid
    }

Key information exchange classes
The formatter classes encrypt data with the public key. The deformatter classes decrypt the data with the corresponding secret key.

    AsymmetricKeyExchangeFormatter
        RSAOAEPKeyExchangeFormatter
        RSAPKCS1KeyExchangeFormatter
    AsymmetricKeyExchangeDeformatter
        RSAOAEPKeyExchangeDeformatter
        RSAPKCS1KeyExchangeDeformatter

RSAPKCS1KeyExchangeFormatter and RSAPKCS1KeyExchangeDeformatter classes

    // Public key is used.
    RSAPKCS1KeyExchangeFormatter kef = new RSAPKCS1KeyExchangeFormatter(RSA);
    kef.Rng = new RNGCryptoServiceProvider();
    byte[] bEncryptedDocument = kef.CreateKeyExchange(bDocument);

    // Private key is used.
    RSAPKCS1KeyExchangeDeformatter kedf = new RSAPKCS1KeyExchangeDeformatter(RSA);
    byte[] bDecryptedDocument = kedf.DecryptKeyExchange(bEncryptedDocument);

SHA1CryptoServiceProvider class
This class computes hashes with the SHA1 algorithm through calls to the Crypto API library. To calculate a hash value, create an instance of the class and call the ComputeHash method.

    SHA1CryptoServiceProvider cspSHA = new SHA1CryptoServiceProvider();
    byte[] bHash = cspSHA.ComputeHash(bData);

Example: Pocket PC Signature Application
- Client that runs on the Pocket PC
- Client sends signature data over TCP sockets to a server
- Data is encrypted and decrypted using the cryptography services
- Detailed explanations and text can be found on MSDN

How does the application work?
- The client collects signature data in a custom control
- The data is encrypted using the CryptEncrypt API function and sent over a TCP socket to the server application.

Settings are stored in an XML .config file on the Pocket PC file system:
- Server IP address
- Port number
- Passphrase

Desktop
- The server receives the encrypted signature over a socket and decrypts the data using the CryptDecrypt API function.
- Displays four different views of the signature: signature, points, encrypt, decrypt.
- The main signature view draws and scales the signature segments to fit the current window size.

The x and y coordinates for each line segment in the signature are displayed in the points view.

The signature data that is received over the TCP socket is displayed in the encrypt view.

The decrypted data is displayed in the decrypt view. You can see that the encrypted and decrypted data are completely different. Why are the stream lengths different?
- 1673 Bytes (decrypt)
- 1680 Bytes (encrypt)

Data Encryption
- The client application encrypts the signature data before sending it over the network.
- The .NET Compact Framework does not support the System.Security.Cryptography namespace, so the data is encrypted by calling the crypto API functions directly.
- All of the crypto functionality is encapsulated in the sample Crypto class that exposes two methods: Encrypt and Decrypt.
- This allows applications to easily encrypt and decrypt data using the powerful cryptography services without worrying about the details.

VB.NET

    Public Shared Function Encrypt( _
        passphrase As String, data() As Byte) As Byte()

    Public Shared Function Decrypt( _
        passphrase As String, data() As Byte) As Byte()

Passphrase
- A crypto key is required to encrypt and decrypt data.
- The passphrase does not define the strength of encryption; it’s an input that defines how the crypto key is generated.
- First, a 128-bit hash object is created from the passphrase.
- Then a 40-bit crypto key is generated from the hash.
- Changing the passphrase dramatically changes the encryption key.
- The key strength is always the same (a 40-bit key contains over 1 trillion possible combinations).

Encrypt and Send

    ' encrypt the data
    Dim encryptData As Byte() = Crypto.Encrypt( _
        Global.Settings.GetString(SettingKeys.CryptPassphrase), _
        signature.SignatureBits)

    ' send to server
    client.Send(encryptData)

Server Decrypt

    ' decrypt the signature data
    Dim data As Byte() = Crypto.Decrypt(textPassphrase.Text, encryptData)
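An added example, not the sample's Crypto class or code from the presentation: the same Encrypt(passphrase, data) / Decrypt(passphrase, data) shape for desktop .NET, deriving 256-bit keys from the passphrase with salted PBKDF2 instead of a 40-bit key from a single hash, and adding an HMAC so modified data is rejected before decryption. It assumes .NET Framework 4.7.2 or later (or .NET Core 2.0+); the name PassphraseCrypto, the iteration count and the sample values are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class PassphraseCrypto   // hypothetical name, not the sample's Crypto class
{
    const int SaltLen = 16, IvLen = 16, TagLen = 32;
    // PBKDF2 stretches the passphrase into 64 bytes: AES-256 key, then MAC key.
    static byte[] Derive(string pass, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(pass, salt, 200000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }

    // Output layout: salt | IV | ciphertext | HMAC-SHA256 over everything before it.
    public static byte[] Encrypt(string passphrase, byte[] data)
    {
        byte[] salt = new byte[SaltLen], ct;
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] keys = Derive(passphrase, salt);
        using (var aes = Aes.Create())              // AES-CBC, PKCS7 padding, random IV
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            aes.Key = keys.Take(32).ToArray();
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(data, 0, data.Length);
            byte[] body = salt.Concat(aes.IV).Concat(ct).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    public static byte[] Decrypt(string passphrase, byte[] blob)
    {
        int ctLen = blob.Length - SaltLen - IvLen - TagLen;
        if (ctLen <= 0 || ctLen % 16 != 0) throw new CryptographicException("Malformed input");
        byte[] keys = Derive(passphrase, blob.Take(SaltLen).ToArray());
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            // Check the tag before decrypting; the comparison has no early exit.
            byte[] expected = hmac.ComputeHash(blob, 0, blob.Length - TagLen);
            int diff = 0;
            for (int i = 0; i < TagLen; i++) diff |= expected[i] ^ blob[blob.Length - TagLen + i];
            if (diff != 0) throw new CryptographicException("Wrong passphrase or modified data");
        }
        using (var aes = Aes.Create())
        {
            aes.Key = keys.Take(32).ToArray();
            aes.IV = blob.Skip(SaltLen).Take(IvLen).ToArray();
            using (var dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, SaltLen + IvLen, ctLen);
        }
    }

    static void Main()
    {
        const string pw = "constructed passphrase";
        byte[] bits = new byte[1673];               // constructed stand-in for signature data
        byte[] sent = Encrypt(pw, bits);
        Console.WriteLine(bits.Length + " -> " + sent.Length + " bytes");
        Console.WriteLine("round trip: " + Decrypt(pw, sent).SequenceEqual(bits));
        sent[40] ^= 1;                              // simulate modification in transit
        try { Decrypt(pw, sent); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

With a 16-byte block cipher the 1673 input bytes pad to 1680 bytes of ciphertext; the salt, IV and tag add another 64 bytes to the message on the wire.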

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.