PKI and OTP

#32843
Posted: 03/30/2015 08:29:31
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Italian regulations accept both digital signature and remote digital signature as ways to sign a document. We have implemented a digital signature in our software using the SecureBlackBox PKI component, and we now need to implement the remote digital signature.

You can find information on
http://ec.europa.eu/digital-agenda/en/trust-services-and-eid
and
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG

I think we need to find the public certificate in the MS personal certificate store, identify whether the private key is remote, send the request to the public server (entering the OTP password), and sign the document with the received key.

Do you think this is a possible scheme?
#32849
Posted: 03/30/2015 10:28:36
by Ken Ivanov (EldoS Corp.)

Marcelo,

Thank you for the details. The legislative aspects are generally OK, but we also need to know whether you are required to be compatible with any existing services already available on the market, or whether you are building your own bespoke remote signing system. The legislation does not define any particular technical mechanism(s) or algorithm(s) for implementing remote signing, so the question of compatibility with third-party services is essential.

Quote
I think we need to find the public certificate in the MS personal certificate store, identify whether the private key is remote, send the request to the public server (entering the OTP password), and sign the document with the received key.

Generally, remote signing is performed in a slightly different way. The signing party calculates the digest of the document to be signed and sends it to the 'signing server' where the private key is stored (together with an optional authenticator, which in your case might be an OTP). The server signs the digest and returns the signature to the signing party. The signing party then finalizes the process by inserting the received signature into the document. In this case no key is actually transmitted, making the scheme perfectly secure.

To sum things up, the first question you should answer is whether you are building your own signing scheme or need to be compatible with an existing implementation and/or standard. Once that is clear, we can go ahead and suggest further steps.

Ken
#34113
Posted: 07/27/2015 12:02:32
by Josue Andrade (Basic support level)
Joined: 07/27/2015
Posts: 1

Good day.
I am evaluating the trial product before buying.
I have some questions about the OTP component:
1. Can the password be returned in hexadecimal, or only in decimal?
2. What is the difference between the HOTP and TOTP demos?
3. Is the time given in seconds or in minutes?

Thank you for your help
#34114
Posted: 07/27/2015 12:27:09
by Alexey Yantselovskiy (Basic support level)
Joined: 11/21/2013
Posts: 2

Good day, Josue Andrade.

Thank you for contacting us.

I am answering your questions below:

1. The components always return passwords in decimal format.

2. The HOTP and TOTP demo applications demonstrate the operation of two different OTP algorithms (the HMAC-Based One-Time Password Algorithm and the Time-Based One-Time Password Algorithm).

3. The generation time for the TOTP-based component is set as a DateTime value (or object). Time intervals are expected to be provided in seconds.

Just let me know if I can be of any further assistance.
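The following is an added, runnable illustration of the two technical points in this thread, and is not SecureBlackBox or EldoS code: Ken's digest-only remote-signing exchange (client hashes locally, sends digest plus OTP, server signs and returns the signature, client attaches it, key never leaves the server) and the HOTP/TOTP answer above (decimal output, time step in seconds). Everything here is an assumption of the example: the request/response field names, the `SigningServer` and `client_remote_sign` names, the drift and replay handling, and a demo RSA key generated in-process with PKCS#1 v1.5 over SHA-256 standing in for a key held in the server's HSM. The OTP secret is the RFC 4226/6238 test seed and the document bytes are constructed. Python 3.8+ standard library only.

```python
"""Remote signing with an OTP authenticator, plus HOTP (RFC 4226) and TOTP (RFC 6238).
Added example: the RSA key and OTP secret are generated/constructed in-process."""
import hashlib
import hmac
import secrets
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    reduce mod 10^digits. The result is always a zero-padded decimal string."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step); the step is in seconds."""
    return hotp(secret, unix_time // step, digits)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin, used only to build the demo key below."""
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length and odd
        if _is_probable_prime(c):
            return c

def generate_rsa_key(bits: int = 1024):
    """Demo-only RSA key standing in for the server's HSM-held key. Returns (pub, priv)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                      # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(digest: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo||digest, as an integer below n."""
    t = SHA256_DIGESTINFO + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def rsa_sign_digest(priv, digest: bytes) -> bytes:
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(digest, k), d, n).to_bytes(k, "big")

def rsa_verify_digest(pub, digest: bytes, sig: bytes) -> bool:
    n, e = pub
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n) == _emsa_pkcs1_v15(digest, k)

class SigningServer:
    """Remote side: holds the private key and the user's OTP secret; the key never leaves."""

    def __init__(self, priv, otp_secret: bytes, step: int = 30, drift: int = 1):
        self._priv, self._otp_secret, self._step, self._drift = priv, otp_secret, step, drift
        self._used = set()   # time steps already consumed: each code authorises one signature

    def sign(self, request: dict, now: int) -> dict:
        """Check the OTP (allowing +/- drift steps of clock skew), then sign only the digest."""
        if request.get("digest_alg") != "sha256" or len(request.get("digest", "")) != 64:
            return {"ok": False, "error": "unsupported digest"}
        cur = now // self._step
        for step in range(cur - self._drift, cur + self._drift + 1):
            expected = hotp(self._otp_secret, step)
            if step not in self._used and hmac.compare_digest(expected, request.get("otp", "")):
                self._used.add(step)                # a replayed code is refused
                sig = rsa_sign_digest(self._priv, bytes.fromhex(request["digest"]))
                return {"ok": True, "signature": sig.hex()}
        return {"ok": False, "error": "otp rejected"}

def client_remote_sign(document: bytes, otp_code: str, server: SigningServer, now: int) -> dict:
    """Local side: hash the document, send digest + OTP only, attach the returned signature."""
    digest = hashlib.sha256(document).digest()
    resp = server.sign({"digest_alg": "sha256", "digest": digest.hex(), "otp": otp_code}, now)
    if not resp["ok"]:
        raise PermissionError(resp["error"])
    return {"document": document, "digest": digest, "signature": bytes.fromhex(resp["signature"])}

if __name__ == "__main__":
    pub, priv = generate_rsa_key()
    secret = b"12345678901234567890"                 # constructed: the RFC 4226/6238 test seed
    server, now = SigningServer(priv, secret), int(time.time())
    signed = client_remote_sign(b"constructed contract bytes", totp(secret, now), server, now)
    print("signature verifies:", rsa_verify_digest(pub, signed["digest"], signed["signature"]))
```

Two practitioner points the exchange makes concrete: the server receives 32 bytes of digest and never the document, so the document stays on the client and the key stays on the server; and an OTP must be consumed on first use, otherwise anyone who observes one request can obtain a second signature over a different digest inside the same time window.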
