Validity States Danny De Cock Danny.DeCock@esat.kuleuven.be Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark Arenberg 10, bus 2452 B-3001 Heverlee Belgium Slide 1
Validity A B C D E F G H I J K Time verification generation Start using key pair Publish public key Key pair generation Public key expires Private key expires [CJ]: New valid signatures may be generated [AC], [K, [: All signature verifications fail [J, [: Illegal to generate new signatures [C, [: s can be legally binding if verified in [CJ[ Slide 3
Validity with Revocation A B C D E F G H I J K Key pair generation verification generation Revoked certificate Suspended certificate Incident Last valid signature before the incident [GH]: s created in [GI] should be invalid, H may be equal to I [I, [: Illegal to generate new signatures [CG[: New valid signatures may be generated [AC], [H, [: verification returns invalid [CF]: s validated before F may be valid forever Time Public key expires Private key expires Slide 4
Long Term s Alice produces a digital signature on data D that will resist time: Alice collects a time stamp ts 1 from a trusted third party (TTP) Alice produces a digital signature DigSig Alice (D,ts 1 ) on the time stamp ts 1 and the data D TTP validates a digital signature DigSig Alice (D,ts 1 ) at time ts 2 TTP computes a digital signature DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ) if and only if the TTP Has validated Alice s digital signature, and Confirms that the signature and Alice s full certificate chain was valid at time ts 2 Alice can now indefinitely rely on DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ), even if her public key must be revoked, e.g., at time ts 3 (after ts 2 ), or if her public key expires ts 1 DigSig Alice (D,ts 1 ) ts 2 DigSig TTP (DigSig Alice (D,ts 1 ),ts 2 ) ts 3 Time Note: This procedure assumes that no cryptographic weaknesses are discovered in the signature generation and validation algorithms and procedures Slide 5
Archiving Signed Data Digital signatures remain valid forever if one stores: The digitally signed data The digital signature on the data The signer s certificate A proof of validity of the signer s certificate The verification timestamp of the signature Bottom line: The integrity of this data should be protected! There is no need to retrieve the status of a certificate in the past! Protect your proofs in a digital vault Slide 6
Generation/Verification 2 3 PIN Creation Engine 1 4 Hash 5 6 8 10 9 OCSP Hash Verification Engine Bob 12 P Alice 7 CRL 1. Compute hash of message 2. Prepare signature 3. Present user PIN 4. SCD generates digital signature 5. Collect digital signature 6. Retrieve signer certificate 10. Compute hash on received message 7. Verify the certificate s revocation status. Verify digital signature 8. Retrieve public key from signer certificate 12. SVD outputs valid signature 9. Retrieve digital signature on the message or invalid signature Beware Bob should validate Alice s certificate Beware Belgian eid Card, Technical Aspects Slide 7
Generation Steps 2 3 PIN Creation Engine P 1 4 hash 5 Alice Alice s application 1. Calculates the cryptographic hash on the data to be signed 2. Prepares her eid card to generate an authentication signature or to generate a non-repudiation signature 3. Alice presents her PIN to her eid card 4. Her card generates the digital signature on the cryptographic hash 5. The application collects the digital signature from her eid card Bob receives an envelope with a digitally signed message and a certificate Belgian eid Card, Technical Aspects Slide 8
Bob Verification Steps 6. Retrieves the potential sender s certificate 7. Verifies the certificate s revocation status 8. Extracts Alice s public key from her certificate 9. Retrieves the signature from the message 10. Calculates the hash on the received message. Verifies the digital signature with the public key and the hash 12. If the verification succeeds, Bob knows that the eid card of Alice was used to produce the digital signature 6 The message comes from Alice is a business decision 8 7 9 10 OCSP CRL hash Bob Verification Engine 12 Belgian eid Card, Technical Aspects Slide 9