1

I am trying to find a way to create digital signatures for the employees of my company and place them on a server from where they can retrieve them and attach them to any digital document (Office or Adobe document), and the receiver can verify them again through the server itself.

I made a .cer file, but it prompts no password while attaching like it does in Adobe. Is there any way a similar file or that .cer file itself can be added with some password mechanism to be retrieved/used? Also how can the retriever validate it from the server?

I am very new to this digital signature paraphernalia, so I would request that, if not in detail, you at least give me a direction in which to look.

masegaloeh
sk1

3 Answers

2

[Disclosure: I work for CoSign. We make digital signature products.]

In response to the original question and the comments from sk1 to another answer:

Standard digital signatures or "digital signature"?

I think that the question is about standard digital signatures, e.g., for PDFs the most real-world, harmonized document is PAdES. See the Standards tab of the ETSI page. This standard is harmonized with the Digital Signatures section of the PDF specification, the NIST digital signatures standard, etc.

Verification

Assuming the above, the answer about verifying the signed documents is that there are many software apps that can verify standard digital signatures. This can be done at people's workstations, on a server, via a browser, mobile app, etc. E.g.:

  • On a PC, Adobe Reader (or Acrobat) can verify the digital signatures on a PDF file. So can Nitro Pro, Bluebeam Revu, Foxit Phantom, and other PDF software.
  • On a PC, Microsoft Word and Excel have native features for digitally signing Word/Excel documents and for verifying signatures on signed documents. Note that signing requires a signing infrastructure that supports the local APIs that the apps use: CAPI / CAPI NG.
  • On a server, you can sign and verify PDF, Word, and Excel documents by using software/hardware from different vendors. The software is often integrated into an ECM system such as SharePoint. My company, CoSign, has mature SharePoint Server and SharePoint Online digital signing products.
  • For browser access, you need a web app that supports signing and verification. E.g., CoSign Web App. By the way, some web apps, including CoSign, can sign and verify Word and Excel documents, in addition to the usual PDF files.
  • Digital signature apps are also available for iOS and Android. Due to the security issues of the private key, these apps are clients to the actual signing service where the private key is stored.

Private key storage

The question also touched on the issue of storing the digital certificate / private keys of the signers. Industry norms and standard practices require that the signers' private keys be stored in a Secure Signature Creation Device (SSCD). Originally, the idea was that edge devices (Smart Cards) be used as SSCDs.

But as we all know, edge devices have many practical issues of deployment, maintenance, access, etc. So now, centralized SSCD server appliances are available and recognized by the standards bodies. An interview about these issues.

The centralized SSCD appliance sits within your network and holds the signers' private keys, certs and other data. It is a hardened box with anti-tampering technologies that render the private keys useless if the box is opened. It should be certified by a recognized independent testing laboratory. CoSign and other vendors make these appliances.

Return on Investment (ROI) is usually a year or less.

LarryK
0

Kudos for trying to make things more secure, but your lack of experience may backfire (what do you mean you didn't order 3000 bags of refuse @$10 each, the order has your signature on it?).

While it is possible to remove the password from the key, I would not recommend doing this on a cert stored on an end-user machine. However, embedding a signature in a proprietary format such as msword really requires an instance of msword. This might be implemented on a server with appropriate access controls.

There are open standards for encapsulating a file with a digital signature, but you would need to investigate whether the people who need to verify the signature have access to such tools (conversely, I don't have access to msword).

symcbean
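As an added illustration of the answer above (not code from the answer's author): a password-protected signing key and a detached signature in an open format, produced and checked with the OpenSSL command line. The choice of CMS as the open standard, the self-signed certificate standing in for a company CA, and all names, the passphrase and the document text are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example. Subject name, passphrase and document text are constructed.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='constructed-demo-passphrase'

# Signer identity: the private key is stored encrypted under a passphrase,
# while the certificate (signer.cer) carries only the public key and can be
# published freely. A self-signed cert stands in for a company CA here.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -days 30 \
    -subj "/CN=Demo Employee/O=Example Corp" -passout "pass:$PASS" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.cer" 2>/dev/null
}

key_is_encrypted() { grep -q 'ENCRYPTED' "$WORK/signer.key"; }

# $1 = document, $2 = passphrase. Writes a detached CMS signature to $1.p7s.
sign_doc() {
  openssl cms -sign -binary -in "$1" -signer "$WORK/signer.cer" \
    -inkey "$WORK/signer.key" -passin "pass:$2" \
    -outform DER -out "$1.p7s" 2>/dev/null
}

# $1 = document. Succeeds only if the signature covers these exact bytes and
# the signer certificate chains to the trusted certificate.
verify_doc() {
  openssl cms -verify -binary -inform DER -in "$1.p7s" -content "$1" \
    -CAfile "$WORK/signer.cer" -purpose any -out /dev/null 2>/dev/null
}

make_signer
DOC="$WORK/order.txt"
printf 'Office order (constructed sample text)\n' > "$DOC"
sign_doc "$DOC" 'wrong-passphrase' || echo "signing refused: wrong passphrase"
sign_doc "$DOC" "$PASS" && echo "signed"
verify_doc "$DOC" && echo "verified: original document"
printf 'extra line\n' >> "$DOC"
verify_doc "$DOC" || echo "rejected: document changed after signing"
```

The detached `.p7s` file travels alongside the unmodified document, so a recipient needs only the document, the signature and the trusted certificate to verify it.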
0

Before we can help, you need to ask yourself what you want to secure and tell us. Most cases have a lot of options for securing code. You should choose the easiest, because complicated securing systems are much slower and can have a weak spot because of the size of the code.

The digital signature way isn't suggested. But you can make a password that will be transferred to a digital signature (with sessions, cookies, recognizing systems, etc.) that will represent the person who sent the document.

Do like Facebook: for logging in you use email and password, and when you are logged in you are recognized by your profile image, not the email or any stuff that takes part in your logging-in action.

  • Thanks. I will explain the scenario for a better understanding of what I am looking for. My company has one of its sites that acts as a news feed to the employees. All the office orders, circulars, etc. are uploaded to it. But they are not the original documents but scanned copies of the signed hard copy, uploaded as image files. Now the problem is with the visually impaired employees. They have software called Jaws that reads the document, and that's how they have access to the information in those documents. But since these documents are scanned copies, they are uploaded as image files. – sk1 Feb 19 '15 at 04:41
  • This image file can't be read by the Jaws software, so no information is received by them. I was so hoping we could have centrally created digital signatures for all the employees that can be attached to the Word, Excel, PPT and PDF files and that can also be verified centrally by each employee, thus authenticating the documents as well as hand-signed scanned copies. – sk1 Feb 19 '15 at 04:50