OOo Digital Signatures

Malte Timmermann
Technical Architect
Sun Microsystems GmbH
About the Speaker
●   Technical Architect in
    OpenOffice.org/StarOffice development
●   OOo/StarOffice developer since ...
Agenda
●   Why Digital Signatures?
●   Technology for Digital Signatures
●   Implementation in
    OpenOffice.org/StarOffi...
Why Digital Signatures?
●   Authentication
●   Authorization
●   Verify Document Integrity
Authentication
●   A Basic Security Issue is Authentication
●   Authentication is the process of
    confirming the identi...
Authorization
●   Authentication serves as the basis for
    Authorization
●   Specifically, once it knows the identity of...
Authorization
●   Macro Security
    –   Decide whether to run a macro or not
         ●   Decision based on author, not o...
Authorization
●   Digital Rights Management
    –   Digital Signatures can be used for simple
        DRM: Who is allowed ...
Verify Document Integrity
●   Verify that the Document Content was
    not altered
    –   A document might simply be corr...
Technology for Digital Signatures
●   Hash Values
●   Encryption Algorithms
●   Public Key Certificates
Hash Values
●   One Way Hash Functions
    –   Easy to compute, but difficult to reverse
    –   Difficult to find two inp...
Encryption Algorithms
●   Change Data so it can only be read with
    the proper Encryption Key
    –   Original text is c...
Symmetric Encryption
●   Same Key is used for Encryption and
    Decryption
●   Also called “Secret Key” Ciphers
    –   T...
Asymmetric Encryption
●   Pair of Keys, one is used for Encryption,
    the other for Decryption
●   Private Key is only k...
Asymmetric Encryption
●   In some Asymmetric Systems the
    Encryption and Decryption is reversible
    –   This means th...
Public Key Certificates
●   Users of public-key applications and
    systems must be confident that the
    public key of ...
Public Key Certificates
●   Holds together Information about the
    Owner
    –   Name, Email Address, Public Key,
      ...
Implementation in
OpenOffice.org/StarOffice
●   W3C XML DSIG
●   OOo Security Framework
W3C XML DSIG
●   OpenOffice.org implements Digital
    Signatures following W3C XML DSIG
    Recommendations
    –   Struc...
W3C XML DSIG
●   XML Content can be verified via DOM,
    physical representation doesn't matter
●   Implementation for Bi...
OOo Security Framework
●   Application shouldn't care about
    Certificate Deployment and
    Management
●   Use existing...
OOo Security Framework
●   LibXMLSec, LibXML2
●   OpenOffice.org uses LibXMLSec and
    LibXML2 to create and verify Digit...
Demonstrations
●   Digital Signatures
    –   Adding some Signatures
    –   Broken Signatures
Demonstrations
●   Macro Security
    –   Security Levels
    –   Trusted Sources and Authors
Other Security Options
●   Document Encryption
●   Warn if certain Information are saved,
    signed or printed and have
 ...
Demonstrations
●   Other Security Options
Future Outlook
●   Fine Grained Macro Security
    –   UNO already offers a mechanism for this
    –   Needs a lot of chan...
OOo Digital Signatures



malte.timmermann@sun.com
Upcoming SlideShare
Loading in...5
×

OpenOffice.org Digital Signatures, OOoCon 2004

1,154

Published on

Published in: Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,154
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
11
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

OpenOffice.org Digital Signatures, OOoCon 2004

  1. 1. OOo Digital Signatures Malte Timmermann Technical Architect Sun Microsystems GmbH
  2. 2. About the Speaker ● Technical Architect in OpenOffice.org/StarOffice development ● OOo/StarOffice developer since 1991/94 ● Main focus: Core Development – Security – Accessibility – Past: EditEngine, Help System, ...
  3. 3. Agenda ● Why Digital Signatures? ● Technology for Digital Signatures ● Implementation in OpenOffice.org/StarOffice ● Future Outlook
  4. 4. Why Digital Signatures? ● Authentication ● Authorization ● Verify Document Integrity
  5. 5. Authentication ● A Basic Security Issue is Authentication ● Authentication is the process of confirming the identity of an entity (a user, a machine, a company) ● Securely identify the Author of a Document
  6. 6. Authorization ● Authentication serves as the basis for Authorization ● Specifically, once it knows the identity of a subject, an application may then specify what set of operations that subject may perform
  7. 7. Authorization ● Macro Security – Decide whether to run a macro or not ● Decision based on author, not on macro content, because you can't review every macro you receive – Fine Grained Macro Security ● Macros from different authors can have different access rights to systems resources
  8. 8. Authorization ● Digital Rights Management – Digital Signatures can be used for simple DRM: Who is allowed to read/modify/print the document? – DRM cannot be enforced with this, only be implemented in specific applications
  9. 9. Verify Document Integrity ● Verify that the Document Content was not altered – A document might simply be corrupted because of broken file transfer, but it can also be manipulated by Intention – Checksums / Hash Values can be used to verify the Content
  10. 10. Technology for Digital Signatures ● Hash Values ● Encryption Algorithms ● Public Key Certificates
  11. 11. Hash Values ● One Way Hash Functions – Easy to compute, but difficult to reverse – Difficult to find two input values which result in same output value – Can be used to calculate Hash Values for the document content, which are much smaller than the Document Content itself – Hash Values can be stored at a separate place or as part of the Signature – Use same Hash Function to compute Hash Values for a received Document, compare with the saved Values
  12. 12. Encryption Algorithms ● Change Data so it can only be read with the proper Encryption Key – Original text is called “Plain Text” – Transformed text is called “Cipher Text” – Recovering Plain Text from Cipher Text only possible with correct Key ● Encryption Types – Symmetric Encryption – Asymmetric Encryption
  13. 13. Symmetric Encryption ● Same Key is used for Encryption and Decryption ● Also called “Secret Key” Ciphers – Two communicating parties must share a secret key. This requirement creates some difficulties in key management and key distribution ● Improve Crypto Strength – Symmetric Ciphers can be stacked to improve Crypto strength of the whole system, such as in the case of triple-DES
  14. 14. Asymmetric Encryption ● Pair of Keys, one is used for Encryption, the other for Decryption ● Private Key is only known by the Owner, Public Key can be know by everybody and Easily being distributed via Public Channels
  15. 15. Asymmetric Encryption ● In some Asymmetric Systems the Encryption and Decryption is reversible – This means that one can apply the decryption operation with the private key to the plaintext to get ciphertext, and one can recover the plaintext by applying the encryption operation with the public key to the ciphertext. – Only the holder of the private key can generate the ciphertext with these systems, so the ciphertext can serve as a digital signature of the plaintext, and anyone with the public key can verify the authenticity of the signature
  16. 16. Public Key Certificates ● Users of public-key applications and systems must be confident that the public key of a subject is genuine ● Public-key certificates are used to establish trust. A public-key certificate is a binding of a public key to a subject, whereby the certificate is digitally signed by the private key of another entity, often called a Certification Authority (CA)
  17. 17. Public Key Certificates ● Holds together Information about the Owner – Name, Email Address, Public Key, Company Name, ... ● The standard digital certificate format is ITU-T X.509. ● An X.509 certificate binds a public key to a Distinguished Name
  18. 18. Implementation in OpenOffice.org/StarOffice ● W3C XML DSIG ● OOo Security Framework
  19. 19. W3C XML DSIG ● OpenOffice.org implements Digital Signatures following W3C XML DSIG Recommendations – Structure of the Signature itself is XML – Used Encryption and Hash Algorithms are stored within the Signature – Signature can easily be verified with different implementations
  20. 20. W3C XML DSIG ● XML Content can be verified via DOM, physical representation doesn't matter ● Implementation for Binary Data like Pictures is also available
  21. 21. OOo Security Framework ● Application shouldn't care about Certificate Deployment and Management ● Use existing Infrastructure – MS Crypto on Windows – Mozilla / NSS on Linux and Solaris
  22. 22. OOo Security Framework ● LibXMLSec, LibXML2 ● OpenOffice.org uses LibXMLSec and LibXML2 to create and verify Digital Signatures ● LibXMLSec can handle MS Crypto API and NSS ● The OOo Security Framework is designed to support different implementations, like Java JSR 105/106
  23. 23. Demonstrations ● Digital Signatures – Adding some Signatures – Broken Signatures
  24. 24. Demonstrations ● Macro Security – Security Levels – Trusted Sources and Authors
  25. 25. Other Security Options ● Document Encryption ● Warn if certain Information are saved, signed or printed and have – Versions – Redlining Information – Notes ● Remove Personal Information on Saving ● Recommend Password Protection on Saving
  26. 26. Demonstrations ● Other Security Options
  27. 27. Future Outlook ● Fine Grained Macro Security – UNO already offers a mechanism for this – Needs a lot of changes in UNO API Implementations ● W3C Encryption using Certificates – Needs Enhancements to our current framework – Workflow and Key Retrieval undefined ● (Digital Rights Management)
  28. 28. OOo Digital Signatures malte.timmermann@sun.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×