[Leaplist] What do you all use for digitally signing PDF files?
John Simpson
jms1 at jms1.net
Wed Sep 17 05:30:18 EDT 2008
On 2008-09-16, at 2020, Hank Lambert wrote:
>
> If this is for Government use, the only problem I see using PGP is that
> it is based off of the Web of Trust model. I would expect the
> Government, especially the Federal Government to require a trusted third
> party, i.e. Verisign, Thwart, Comodo, etc. I have seen quite a few
> commercial options for signing pdf documents.

i know the DoD has their own root CA, which long ago signed a set of
root keys for each service. each of these services can further sign
other keys, acting as a "delegated" CA. i would imagine they have a
procedure to sign keys for any contractors from whom they will be
receiving files.

i also know that the military ID cards, as well as the ID cards given
to outside contractors (i.e. "common access cards") have a "smart
chip" which contains a key pair for the card itself, generated by the
card while it was being manufactured. the chip has the ability to do
encryption and decryption operations by itself, which means there is
no legitimate need to ever know the contents of the secret key stored
on the chip.

i played with some of these "smart chip" cards several years ago, and
if the DoD is using the same (or similar) cards, then the chip itself
doesn't even HAVE a command to retrieve the secret key. the chip can
store a limited number of other key pairs (i.e. the host computer can
feed other key pairs into it) but the chip's unique identifier key
cannot be retrieved, or changed without re-initializing the entire
memory space (and that operation required manufacturer access.)

--------------------------------------------------------
| John M. Simpson -- KG4ZOW -- Programmer At Large |
| http://www.jms1.net/ <jms1 at jms1.net> |
--------------------------------------------------------
| Hope for America -- http://www.ronpaul2008.com/ |
--------------------------------------------------------
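
The delegated-CA arrangement described in the message above, as an added example that is not part of the original post: a root CA signs a "service" CA, which in turn signs a contractor certificate, and a verifier that trusts only the root checks the chain. It goes one step further than the message by also showing that a contractor certificate marked `CA:FALSE` cannot itself issue certificates. All names, subjects and file paths are constructed for illustration, and the openssl CLI (1.1.1 or later) is assumed.

```shell
#!/usr/bin/env bash
# Constructed demo of a delegated-CA chain; every name and path is made up.
# Requires the openssl CLI (1.1.1 or later).

issue() {  # issue <dir> <name> <CN> <issuer-name> <ext-section> <serial>
  local d="$1"
  openssl req -new -config "$d/ext.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$d/$2.key" -out "$d/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/$2.csr" -CA "$d/$4.crt" -CAkey "$d/$4.key" \
    -set_serial "$6" -days 1 -extfile "$d/ext.cnf" -extensions "$5" \
    -out "$d/$2.crt" 2>/dev/null
}

make_chain() {  # make_chain <empty working dir>
  local d="$1"
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  # Root CA is self-signed; it then delegates signing to a "service" CA.
  openssl req -x509 -config "$d/ext.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 1 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.crt" \
    2>/dev/null &&
  issue "$d" svc "Demo Service CA" root ca 2 &&
  issue "$d" contractor "Demo Contractor" svc leaf 3 &&
  # The contractor tries to act as a CA with a leaf certificate.
  issue "$d" rogue "Demo Rogue" contractor leaf 4 &&
  cat "$d/svc.crt" "$d/contractor.crt" > "$d/bundle.crt"
}

# A verifier trusts only the root; intermediates are supplied as untrusted.
chain_ok()      { openssl verify -CAfile "$1/root.crt" -untrusted "$1/svc.crt" "$1/contractor.crt" >/dev/null 2>&1; }
leaf_alone_ok() { openssl verify -CAfile "$1/root.crt" "$1/contractor.crt" >/dev/null 2>&1; }
rogue_ok()      { openssl verify -CAfile "$1/root.crt" -untrusted "$1/bundle.crt" "$1/rogue.crt" >/dev/null 2>&1; }

d=$(mktemp -d) && make_chain "$d" && {
  chain_ok "$d" && echo "contractor cert chains to the root via the service CA"
  leaf_alone_ok "$d" || echo "contractor cert alone does not verify"
  rogue_ok "$d" || echo "cert issued by the contractor is rejected (CA:FALSE)"
}
```

The same verification applies to a signed PDF: the signer's certificate is accepted only if the recipient can build a path from it to a root they already trust.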