December 2008 Archives

This article is on the basics of digital signature technology. To start with we need to get up to speed on what is called PKI technology (Public Key Infrastructure) because that is what is used for PDF and most other digital signatures.

Some simple basics

The PKI is based, in large part, on the clever asymmetric public key cryptography. Keys are relatively small strings of data that are needed to encrypt and decrypt much larger strings of data. For us, those larger strings of data are PDF document files. The clever invention is to provide a user with two keys that are unique to that individual, one being a "private" key that only that person has and the other a "public" key that is openly given to others. The term "asymmetric" derives from the notion that if one key of a pair is used to encrypt something then the other key of that pair is what must be used to decrypt it. If the same key is used to both encrypt and decrypt then it is a "symmetric" key.

So for example, if I use the private key, of my asymmetric pair, to encrypt a PDF file then I can send that file and my public key to anyone and they will be able to decrypt it.  Why would I send a file and the means to decrypt it together? The answer is, if the file can be successfully decrypted with my public key then, with statistically high confidence, you know that I was the one, and the only one, that could have encrypted it because I am the only one in possession of my private key. Furthermore it cannot have been changed since I did the encryption, or the decryption would have failed. Keeping private keys private is, of course, fundamental to this whole business.

In the reverse direction, if you want to send me something that only I can open, you can encrypt it with my public key and given that my paired private key is only known to me, I am the only one that can decrypt it. Neat, huh!

So, if it were a perfect world, we would all have our pairs of keys, with our private key only held and known by us and our public key available and known to everyone. But two things complicate this picture. How do I associate you, the person with your public key, a string of bytes on my computer?  I could get them from you directly but I still have to worry about them being tampered with while in my possession (within my computer). And if you are a stranger to me, how can I associate your public key with you?   So now enter the "Infrastructure" part of Pubic Key Infrastructure.

What the industry has proposed and implemented is a system of automated notaries that run on (Internet) servers, called "Certificate Authorities" (CAs), or in the EU "Certification Service Providers" (CSPs).  A means to protect the public keys has also been invented using cryptographic documents called "certificates". This is the "infrastructure" part of PKI. The CAs "sign" the certificate documents containing my public key with their private keys just as I sign documents using my private key. The process is, of necessity, hierarchical since I can then ask how I know for sure that I am using the proper public key for that particular CA to check its signing. The answer is by using a certificate created by a higher authority CA that securely supplies me the lower level CAs public key. This stops at some root where I check the proper public key by some other, perhaps manual, means.

The second complication is that I might want to have more than one identity for different roles that I may need to play so I can have multiple key pairs and hence multiple certificates. There is also a spectrum of how strongly the CAs checks out who you are before giving you a certificate so I may have more than one for that reason.

This stuff is all in place and operational but user education seems to be a major obstacle. Each person has to obtain one or more certificates from an authority at a suitable level and establish trusted root authorities for checking other's certificates. I also think that there are way to many options and choices which all fall to the users, who are mostly naive in this technology.

In a subsequent blog I will cover how all this works with PDF files.

Jim King (contact: jking@adobe.com)

 

When the PDF 1.7 documentation was being reviewed as an ISO Draft last year, one of the most deeply questioned and apparently confusing parts of the standard had to do with the digital signature support defined for PDF. This was especially challenged by European experts on digital signatures. As a consequence of this, I have been learning as much as I can about how digital signatures are handled in PDF, electronic/digital signatures in general, the European Union Directives for Electronic Signatures and the European Telecommunications Standards Institute (ETSI) and its Electronic Signature and Infrastructure Technical Committee (ETSI/ESI). I want to share some of what I have learned with you in this series of blog articles.

Introduction: There is signing and then there is signing

First, you need to understand that the phrase "digital signature" has very special technical meaning. Normally when the word "signature" is used we think of something like this:

I learned early in my adult life, through some painful real estate transactions, that the world's system for conducting business is truly built around honest people who trust each other. You can write contracts that are hundred's of pages long and if someone wants to violate the spirit of the transaction they will still find a way to do it. Our system, based upon these simple ink on paper signatures, is technically very flawed, but it is still the core method used to conduct business worldwide because we rely upon the basic honesty of people.

Someone can change a signed paper document, and if done with skill, the change can be detectable only by an expert. With our widespread availability of high quality copiers it is easy to take a signature off one document and put it onto a different one. Executing criminal activity around paper and ink signatures is rather simple. Not getting caught may be a different story.

We dramatize the idea that only an expert forger can draw my contorted signature just like I do, and we dramatize that there are equally expert analysts that can detect forgeries. The courtroom drama with the expert's testimony is seldom how things end up. Usually a signature is used on some document of record to be primarily a memory aid to remind us when and under what conditions we agreed to something. In fact, recording the act of agreeing via a "signing act" is the legal force for normal signatures. Even the "X" used by illiterates to sign documents is legal because it is the act of making the agreement that is important not the symbol that represents it. The symbol or signature is part of the reminder that you agreed.

The term "electronic signature" is a very general term that includes the idea of putting an electronic image of a signature on an electronic page.  A "digital signature" is much stronger and involves assurances that the document hasn't changed and the signer is who they claim to be. In fact, such digital signatures go way beyond paper and ink signatures with respect to assuring that the document has not been tampered with and that the signature is really a valid signature for that person. We are going to talk primarily about digital signatures.

Going digital

I guess the digital signature is driven to take the stronger path from normal ink signatures because we can make changes to document so much more easily and the changes can be done in ways so that it is impossible to know what was original and what was newly modified. Additionally, when we have digital material we take advantage that we do not have to be face to face to conduct business. We can send documents world-wide via e-mail or the Internet. So with whom we are really dealing becomes an issue. With normal signatures and signing, if we have a concern that who we are dealing with is who they say they are, we turn to notaries who give stronger confidence that the person is who they say to be. That same approach is used for digital signing by setting up Certificate Authorities (CAs) run by Certification Service Providers (CSPs).

So two things, document integrity and personal identification, are tied together into a system based upon clever digital encryption technology to give us digital signatures.

Much more on that in my next few blog articles. 

There is also more material about electronic and digital signatures to be found on the Adobe Security Blog.  For example:

So what is an electronic signature anyway?

Jim King (contact: jking@adobe.com)