Download presentation
Presentation is loading. Please wait.
Published byViolet Gordon Modified over 8 years ago
1
#SummitNow Introducing CounterSign Nathan McMinn Technical Consultant - Alfresco
2
#SummitNow What are Digital Signatures? “A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document” http://en.wikipedia.org/wiki/Digital_signat ure
3
#SummitNow 3 Criteria for Digital Signatures Authenticity: Guarantees that a signer is who they say that they are Conveys intent, that the document was intentionally signed for the stated reason
4
#SummitNow 3 Criteria for Digital Signatures Non-repudiation: Ensures that a signer cannot make a claim that their key is secure while simultaneously claiming that they did not sign a document Requires hard to forge signing artifacts
5
#SummitNow 3 Criteria for Digital Signatures Integrity: Verification that a document or message has not been altered since it was signed
6
#SummitNow How do Digital Signatures Work? 1.Create a hash of the document 2.Sign the hash with a private key 3.(Optionally) embed the signed hash in the document Digital signatures rely on asymmetric encryption to allow signing and verification
7
#SummitNow Signatures: Digital vs. Electronic Digital Signatures – Cryptographic signatures Electronic Signatures – A signature image, like a “wet ink” signature on a paper document
8
#SummitNow PDF vs. Everything Else PDF documents have separate areas for storing content and signatures. This enables a PDF document to have multiple embedded signatures that do not alter the content, and thus, the hash of the content remains consistent across signings.
9
#SummitNow PDF vs. Everything Else, part 2 Any type of document can be signed, but the signature is (generally) a separate artifact With a combination of the document, the signature and the public key of the purported signer, the signature can be verified
10
#SummitNow Project Origin and Direction
11
#SummitNow The Old Way The Alfresco PDF toolkit can apply signatures, but the interface is not very user friendly!
12
#SummitNow CounterSign Design Goals 1.Simple for non-technical users 2.Self-service (where possible) 3.Simple to administer 4.Self Contained - External PKI integration possible, but not required 5.Regulatory / Standards compliance
13
#SummitNow CounterSign Design Goals, API 1.Java Service API – currently sparse, but growing 2.JavaScript API 3.Signature provider interface for external PKI integration 4.Custom Actions for applying signatures, creating form fields and more
14
#SummitNow A Word on Standards Current CounterSign release (1.0) cannot achieve CAdES / PAdES compliance for PDF documents due to a dependency in Alfresco. Working on it!
15
#SummitNow Demo
16
#SummitNow Roadmap 4.2 compatibility CAdES / PAdES compliance Regulatory targets (FDA, etc) Refactor out iText and relicense Enhanced workflow, signing task enhancements
17
#SummitNow Required Reading Bruno Lowagie’s whitepaper on PDF Signatures: http://itextpdf.com/book/digitalsignatures201 30304.pdf
18
#SummitNow Project and Contact Info Nathan McMinn – Technical Consultant Twitter: @ntmcminn nathanmcminn.com CounterSign: https://github.com/ntmcminn/CounterSign
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.