PotsPan Project Workpackage 3
Institutional Document Management Pilot Exercise 1

1. Summary

As outlined in the planning document for this Workpackage, the key activities were to include:

- Identifying a free Certification Authority service, registering as a user and completing all the security procedures for the creation of authenticated certificates;
- Installing the certificates on a PC and browser to be used to create and sign the documents;
- Creating test documents using Open Office Writer and using the Digital Signatures function to add certificated electronic signatures;
- Sending the documents electronically and testing the received documents for validity against the security criteria applied.

Pilot exercise 1 completed all of these activities and the outcomes and lessons learned are reported here. Further exercises and evaluations will be carried out, and the final activity of testing the systems for validating the authentication of online assessment submissions through Moodle will conclude the Workpackage.

Open Office Writer [1] was used as the document authoring software, CAcert [2] provided the free Certification Authority service used and the documents were created on a PC running Microsoft Windows 7 and IE9. The outcomes of the exercise will be described in the order listed above.

2. The Certification Authority service and the creation of authenticated certificates

Secure and trusted electronic signature systems typically involve the use of third party Certification Authority providers who ensure the validity of the digital certificates they issue for confirming author identity, ensuring document integrity and providing encryption keys for secure document distribution. Such digital certificates are installed in the document owner’s computer and web browser, and are used by programs like Open Office Writer to apply validated electronic signatures.

The CA organisation selected for trialling in Pilot Exercise 1 was CAcert [3], who provide a free to use digital certificate service.
The sequence that led to the issuing of authenticated certificates was:

- Register as a user and create an account on the CAcert website. This involves entering a user name and password, along with other unique security data;
- When registered and logged in, select ‘new client certificate’ and then ‘create certificate’;
- A security strength level is selected for the encryption key at this stage. For the exercise, ‘Microsoft enhanced cryptographic provider v1.0’ was chosen.

When the certificate is created it opens in a new window with an invitation and link to import it into the browser. An email is also sent confirming the creation of the certificate, providing a link to it in the user account, and giving a reminder that the CAcert root certificate also needs to be imported before certificates can be used. A link to this process is also provided.

ActiveX needs to be enabled for the installation of both the root certificate and the newly created digital certificate.

[1] http://www.openoffice.org/product/writer.html
[2] https://www.cacert.org/
[3] https://wiki.cacert.org/FAQ/AboutUs
3. Installing the certificates on the PC and browser

The installation process begins with the Root Certificate and this is accessed on the CAcert Root Certificate website [4]. There are links on the page to initiate the Root Certificate download. Once this has been done, the download is imported in Internet Options > Content > Personal > Certificates of the browser using the ‘Trusted Root Certification Authorities’ tab. The digital certificate can then be imported by clicking on the link in the certificate page on the CAcert website [5]. The certificate is now ready for use.

4. Creating documents and adding electronic signatures

With the digital certificate imported, it can be used to add electronic signatures to Open Office documents. For the purpose of Pilot Exercise 1 a test document was created in Open Office Writer and the electronic signature process tested.

Once the document had been created the File > Digital Signatures option was selected and the newly imported digital certificate option appeared in a new window and was activated by clicking on the Sign Document button:

Once signed and saved, whenever the file is opened it will have the small icon next to the ‘The signatures in this document are valid’ line in the image above showing in the document toolbar confirming that it is a valid signed document.

When the document is opened and the icon is double-clicked, the documentation verification will be confirmed and the security information can be viewed:

[4] http://www.cacert.org/index.php?id=3
[5] https://www.cacert.org/account.php?id=6&cert=409041
If, at any time, the signed document is edited or changed in any way, the electronic signature will be invalidated and the icon in the document toolbar will disappear. The edited document can, of course, be re-signed by an authorised signatory.

5. Sending the signed documents electronically and testing the received documents for validity

The test document above was sent by email as an attachment and when opened in Open Office Writer, it included the digital signature that confirmed validity and that the document had not been altered since the signature had been applied.

When opened, the document was in read-only format which further avoids the possibility of invalidating the signature. The attached file was saved locally and, when opened as a local file, still retained the digital signature verification. However, it was now in edit mode and, if editing did take place, then the digital signature was invalidated.

6. Conclusions

This first exercise has demonstrated that the basic objectives of the electronic signature verification of document validity could be achieved using open source tools and freely available services. The PotsPan project will continue to explore the extent of the security provided and the alternative tools and services available. It will then move on to the final objective of testing the system in the context of online assessment submission through Moodle.

Tony Toole
November 2012
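
Why the signature described in sections 4 and 5 stops validating after any edit, shown as an added example (not part of the original report and not OpenOffice's own code): an ODF package records a digest of each signed file in META-INF/documentsignatures.xml, and verification recomputes those digests. The sample package is constructed, and the check is simplified on the assumption of raw-byte digests: it does not canonicalise XML, verify the signature value or validate the certificate chain.

```python
import base64
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SIG_PATH = "META-INF/documentsignatures.xml"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1, SHA256: hashlib.sha256}

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_package(files):
    """Constructed sample: the files plus a manifest recording a digest of each."""
    refs = "".join(
        f'<ds:Reference URI="{name}"><ds:DigestMethod Algorithm="{SHA256}"/>'
        f"<ds:DigestValue>{base64.b64encode(hashlib.sha256(data).digest()).decode()}"
        "</ds:DigestValue></ds:Reference>"
        for name, data in files.items()
    )
    manifest = ('<document-signatures xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                f"<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>"
                "</document-signatures>")
    return make_zip({**files, SIG_PATH: manifest.encode()})

def check_references(package):
    """Map each referenced file to True if its digest still matches (simplified: no C14N)."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        root = ET.fromstring(zf.read(SIG_PATH))
        for ref in root.iter(DS + "Reference"):
            uri = ref.get("URI")
            if uri.startswith("#"):  # same-document reference, not a package file
                continue
            hasher = DIGESTS[ref.find(DS + "DigestMethod").get("Algorithm")]
            signed = base64.b64decode(ref.find(DS + "DigestValue").text)
            results[uri] = uri in zf.namelist() and hasher(zf.read(uri)).digest() == signed
    return results

def edit_file(package, name, new_data):
    """Simulate an edit after signing: replace one file, leave the manifest as signed."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        files = {n: zf.read(n) for n in zf.namelist()}
    return make_zip({**files, name: new_data})
```
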