Using digital signatures on paper medium - PGP

This is a discussion on Using digital signatures on paper medium - PGP ; My handwriting, like that of many other people who don't practice the skill regularily anymore, is not particularily legible. Signatures even less so, and they're also trivial to forge. Due to the way this society requires my signature in things ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Using digital signatures on paper medium

  1. Using digital signatures on paper medium

    My handwriting, like that of many other people who don't practice the
    skill regularily anymore, is not particularily legible. Signatures
    even less so, and they're also trivial to forge. Due to the way this
    society requires my signature in things entirely trivial, where it
    doesn't concern me whether they are real or forged, that's frequently
    an advantage - it can get me out of some inconvenient commuting, for
    example. There are times, however, when this could be a huge problem.

    I was thinking of using some digital signature algorythm to generate
    signatures suitable for using on paper - call it a quirk, but it'd be
    an interesting public statement. It has to be more secure than my
    typical handwriting, but it does not really have to completely protect
    the document from forgery using the common paper-related methods. It
    has to be easy to check with the existing software and key
    infrastructure, so naturally OpenPGP is the only practical choice. It
    would be ideal to digitally sign a document's original and attach a
    printed copy of the signed document - that would be quite explicit
    enough - but sometimes I won't have the original in digital form, with
    only a printout presented to me. How do I generate some set of data
    suitable for handwriting it on paper in the space left for 'sign
    here'? Let's assume that I do have easy access to a PGP implementation
    wherever I might want to do that, which PGP Wireless takes care of.
    The rest has to be accomplished with easy scripting anyone could
    reproduce wherever PGP is ever used.

    The obvious way would be generating some explicit and easily
    reproduceable digital impression of the document, (scanning and OCRing
    it would not give me that) signing it, and writing out the signature
    by hand. The problem boils down into two subproblems:

    1) How to generate a hash of the document which would identify it
    reasonably well, so that it would be possible to do that in your head.
    2) How to convert the stream of bytes that is a signature into
    something I could actually write on paper that would be easy to
    convert back into the commonly seen signature byte stream or an ascii
    armored signature.

    The best I could come up with to solve problem 1 is to generate some
    sort of string, using, for example, the first letter of every line in
    the document, possibly combining that with the date that I'd expect to
    see written on it, and then signing it with PGP as usual. Let's assume
    that will be good enough for our purposes - we don't want a completely
    unforgeable document, just something a bit more secure than
    handwriting.

    However, the problem 2 leaves me stumped. Typical PGP ascii armor
    algorythm certainly won't do, since it involves using upper and lower
    case symbols with equal regularity, something a bit tricky to
    reproduce without leaving much errors. But even if I could do that,
    supposing that I made a detached signature and discarded all
    non-essential stuff which can be easily reconstructed, that'd leave me
    with about 100 letters. And that would certainly be a bit too much for
    comfort - I'd say that the 50 letters would be close to the maximum.
    And if I understand it right, the signature is already compressed as
    far as it will go.

    Is there a way to do that at all using current software?

    Printing out a sticker with that signature would be good but isn't
    what I'm looking for.

  2. Re: Using digital signatures on paper medium

    I think I read something about newer versions of Microsoft Word allowing
    users to digitally sign documents. If the Word file incorporates a digital
    signature, could you just include this on the printed document in some way?

    Richard

    wrote in message
    news:9d4e278f.0309050722.5de6c585@posting.google.c om...
    > My handwriting, like that of many other people who don't practice the
    > skill regularily anymore, is not particularily legible. Signatures
    > even less so, and they're also trivial to forge. Due to the way this
    > society requires my signature in things entirely trivial, where it
    > doesn't concern me whether they are real or forged, that's frequently
    > an advantage - it can get me out of some inconvenient commuting, for
    > example. There are times, however, when this could be a huge problem.
    >
    > I was thinking of using some digital signature algorythm to generate
    > signatures suitable for using on paper - call it a quirk, but it'd be
    > an interesting public statement. It has to be more secure than my
    > typical handwriting, but it does not really have to completely protect
    > the document from forgery using the common paper-related methods. It
    > has to be easy to check with the existing software and key
    > infrastructure, so naturally OpenPGP is the only practical choice. It
    > would be ideal to digitally sign a document's original and attach a
    > printed copy of the signed document - that would be quite explicit
    > enough - but sometimes I won't have the original in digital form, with
    > only a printout presented to me. How do I generate some set of data
    > suitable for handwriting it on paper in the space left for 'sign
    > here'? Let's assume that I do have easy access to a PGP implementation
    > wherever I might want to do that, which PGP Wireless takes care of.
    > The rest has to be accomplished with easy scripting anyone could
    > reproduce wherever PGP is ever used.
    >
    > The obvious way would be generating some explicit and easily
    > reproduceable digital impression of the document, (scanning and OCRing
    > it would not give me that) signing it, and writing out the signature
    > by hand. The problem boils down into two subproblems:
    >
    > 1) How to generate a hash of the document which would identify it
    > reasonably well, so that it would be possible to do that in your head.
    > 2) How to convert the stream of bytes that is a signature into
    > something I could actually write on paper that would be easy to
    > convert back into the commonly seen signature byte stream or an ascii
    > armored signature.
    >
    > The best I could come up with to solve problem 1 is to generate some
    > sort of string, using, for example, the first letter of every line in
    > the document, possibly combining that with the date that I'd expect to
    > see written on it, and then signing it with PGP as usual. Let's assume
    > that will be good enough for our purposes - we don't want a completely
    > unforgeable document, just something a bit more secure than
    > handwriting.
    >
    > However, the problem 2 leaves me stumped. Typical PGP ascii armor
    > algorythm certainly won't do, since it involves using upper and lower
    > case symbols with equal regularity, something a bit tricky to
    > reproduce without leaving much errors. But even if I could do that,
    > supposing that I made a detached signature and discarded all
    > non-essential stuff which can be easily reconstructed, that'd leave me
    > with about 100 letters. And that would certainly be a bit too much for
    > comfort - I'd say that the 50 letters would be close to the maximum.
    > And if I understand it right, the signature is already compressed as
    > far as it will go.
    >
    > Is there a way to do that at all using current software?
    >
    > Printing out a sticker with that signature would be good but isn't
    > what I'm looking for.




  3. Re: Using digital signatures on paper medium

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    wrote in message
    news:9d4e278f.0309050722.5de6c585@posting.google.c om...

    [...]

    > It
    > would be ideal to digitally sign a document's original and attach a
    > printed copy of the signed document - that would be quite explicit
    > enough - but sometimes I won't have the original in digital form, with
    > only a printout presented to me. How do I generate some set of data
    > suitable for handwriting it on paper in the space left for 'sign
    > here'? Let's assume that I do have easy access to a PGP implementation
    > wherever I might want to do that, which PGP Wireless takes care of.
    > The rest has to be accomplished with easy scripting anyone could
    > reproduce wherever PGP is ever used.
    >
    > The obvious way would be generating some explicit and easily
    > reproduceable digital impression of the document, (scanning and OCRing
    > it would not give me that) signing it, and writing out the signature
    > by hand.


    a possible way to do this is to:

    [1] sign and encrypt the document that you want to have a digital signature
    for
    [2] use gnupg to display the session key for the resulting ciphertext
    [3] write down the session key (32 characters for a 128 bit symmetrical
    algorithm), and the filename of the signed and encrypted file

    anyone can then later decrypt the file and verify the contents, and your
    signature of the file

    n.b.
    this may work for what you want it for, but it is 'not' secure

    although not implemented now, it is not difficult to produce an
    intentionally 'hacked' version of gnupg that will allow you
    to input the session key if you wish, instead of doing it at random,

    then it would be possible to use the same session key that you wrote down,
    for a 'different' (forged) signed and encrypted file

    hth,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    iQEVAwUBP1jV1GoFoLeFMG0lAQNlygf/eZopb4+nhhGIsenrOk78fhj6WycOOba1
    lvTsp7OT5mz+gh1W19iLK+mLSm8tAPnGUEaNSIinn6/ORI1VUy1VJzxhkVemvDFg
    eyc+U9SxLSKz7sgklVff/s8jSoFD58wfbOkuEX6EilfEmf/sAsnB1FlpNkOZw4D3
    9jcSY1qui09WP3W39v6mQyIlCkH7dBvSJEbB3u6MupyCZ92DZM zaaI+1BhWeycZh
    mZltBmPRHjfLzlfoDy1S//TAGr5qvbQQjOCL4qZa588PSIWRhcpTpt4+M2l8QF9o
    e8eVLqbAcnxzxVbWChp64zoYrr/9iOgf4ATJA6h/ZNiVeQhmbTzmIA==
    =2jZD
    -----END PGP SIGNATURE-----



  4. Re: Using digital signatures on paper medium

    "vedaal" wrote in message news:...

    > [1] sign and encrypt the document that you want to have a digital signature
    > for
    > [2] use gnupg to display the session key for the resulting ciphertext
    > [3] write down the session key (32 characters for a 128 bit symmetrical
    > algorithm), and the filename of the signed and encrypted file


    If I had a digital original of the document, that's what I would sign,
    print and attach to the document. However the whole point of this
    exercise was to be able to sign things I don't have and can't procure
    digital originals for.

    --

  5. Re: Using digital signatures on paper medium

    wrote in message
    news:9d4e278f.0309050722.5de6c585@posting.google.c om...
    >


    [1] Bugger paper documents - use electronic mediums exclusively, and if
    that's not possible (e.g. if for some reason a file cannot be emailed), use
    an OCR font to achieve good accuracy (such as the one that was used for the
    last paper exported versions of PGPi)

    [2] Scan the files as JPEGs or similar, and sign that.

    [3] Use a different form of ASCII armouring - there are loads out there (I
    won't pretend to understand them myself) - that doesn't use different cases,
    etc. Possibly even something like what PGP does to key fingerprints to
    convert hex digits into something that can be read down the 'phone. And use
    a different hash - there's a selection of those around as well. This would
    of course mean writing your own version of Open PGP.



  6. Re: Using digital signatures on paper medium

    "Gamma3000" wrote in message news:<3f59e255@shknews01>...

    > [1] Bugger paper documents - use electronic mediums exclusively, and if
    > that's not possible (e.g. if for some reason a file cannot be emailed), use
    > an OCR font to achieve good accuracy (such as the one that was used for the
    > last paper exported versions of PGPi)


    I can't sign, say, a contract exclusively in electronic medium. Not
    legally and not in this country. No, dismissing the problem is not a
    solution - I /want/ to do it, I don't want to /avoid/ doing it,
    although most of the time I can and probably will.

    > [2] Scan the files as JPEGs or similar, and sign that.


    This will make the signature impossible to check since another scan
    of the same document will not produce a binarily identical JPEG file
    even on the exact same scanner on the next scanner pass before you
    shift the document even a millimeter. Signing a JPEG file without
    attaching the JPEG file itself would be stupid and attaching it would
    make the printout longer than the original document - not to mention
    impossible to write out!

    > [3] Use a different form of ASCII armouring - there are loads out there (I
    > won't pretend to understand them myself) - that doesn't use different cases,
    > etc.


    This is exactly what I'm thinking about. Unfortunately, there's one
    fundamental problem I need someone more PGP-savvy to solve:
    The current ascii armor algorythm is based on an alphabet that is
    about 60 letters long. Even though using a different alphabet for the
    same thing is trivial, shortening it almost two times will /double/
    the number of letters I'll have to eventually write down. And I can't
    shorten the original binary output of PGP without knowing which parts
    of it are actually essential and which can be reconstructed.

    > And use a different hash - there's a selection of those around as well.


    Now that sounds a bit closer... though it'll probably be a pain to
    use in practice since PGP Wireless doesn't let you select the hash and
    the only known version of GnuPG for WinCE doesn't work on HPC 2000.

    > This would of course mean writing your own version of Open PGP.


    Not really - just a script to parse the existing detached signature
    packet back into binary form, toss out everything non-essential and
    armor it into a new format.

  7. Re: Using digital signatures on paper medium

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    wrote in message
    news:9d4e278f.0309052359.4658fb6b@posting.google.c om...
    > "vedaal" wrote in message
    > news:...


    [...]

    > If I had a digital original of the document, that's what I would sign,
    > print and attach to the document. However the whole point of this
    > exercise was to be able to sign things I don't have and can't procure
    > digital originals for.



    - ----- Original Message -----
    From:
    Newsgroups: comp.security.pgp.discuss
    Sent: Saturday, September 06, 2003 3:59 AM
    Subject: Re: Using digital signatures on paper medium

    [...]

    > If I had a digital original of the document, that's what I would sign,
    > print and attach to the document. However the whole point of this
    > exercise was to be able to sign things I don't have and can't procure
    > digital originals for.


    [...]

    you could 'sign' with the watered-down manual count that is
    semi-reminiscent of a hash:

    count the number of characters, lines, sentences, and capital letters,
    and then 'sign' with something like the following notation:

    c327l22s16c20

    (assuming an example of 327 characters, 22 lines, 16 sentences, 20
    capitals),

    then, upload that to your portable pgp, and sign that small string with
    your key

    here is the length of the signature block, leaving out the checksum, when
    signing the above string with a 1024 dh/dsa key:

    iQA/AwUBP1x2DfJG4fp7U04tEQPu8wCg+qpbfKTmX4hpW+HmBq39vS PIYbMAn3HO
    V/89OC8ogGJmRkqqBAwiklD8

    you could add / change the fields, and pick the number of 3 letter words,
    occurrences of 'e', 'a' , ' etc.

    although possible for someone to forge a document that would result in the
    same string, it would be 'too much trouble'
    but, since the 'hash-string' is not of the entire document, it lends itself
    to simple substitution attack forgeries:

    i.e substituting 'sinfully', 'stupidly', 'schemingly', etc. for
    'sincerely'

    and more seriously, altering the critical details of the document :
    substituting 'ten' for' thousand' altering the date, and then changing
    other words around to compensate


    can't escape the fact that if it isn't a 'real' complete hash signature, it
    isn't completely secure ...

    hth,

    vedaal

    -----BEGIN PGP SIGNATURE-----
    Version: 6.5.8ckt http://www.ipgpp.com/
    Comment: { Acts of Kindness better the World, and protect the Soul }
    Comment: KeyID: 0x6A05A0B785306D25
    Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

    iQEVAwUBP1x892oFoLeFMG0lAQPYpQf8DRHmEB4nbKnNtaIwmB LwPOF7988WdLy/
    mvAYBrJMLZmqzp5lfQJQ12RiHrjaQ1GN5p2hr2ISeTil3T4yGY Av4dRTqbC0s9jv
    0pP41D5z0Polq+S//36RF4qSpOWkjYerbljyu+j0e/+uZVt+EyLvV5muJzcr32td
    /r4sj31l3zzAtkLCRiwGrP1Ch3WDYa1k7YO36hCHuYRYJ/TaU0y5bzM7lMfEIyRD
    Xa+xkIiRgGFx68I8HyxlKwo41pH3alRgBY8glrP/Y0REYrsdnuCr0esa/M5Af97t
    P3desgK4s4p9EM1brvbuePierEU7ULx///KfPnB8xdNNpltUNekz+Q==
    =q3PI
    -----END PGP SIGNATURE-----



  8. Re: Using digital signatures on paper medium

    shirow@project7.dhs.org (shirow@project7.dhs.org) wrote in
    news:9d4e278f.0309070140.5705aae2@posting.google.c om:

    >> [2] Scan the files as JPEGs or similar, and sign that.

    >
    > This will make the signature impossible to check since another scan
    > of the same document will not produce a binarily identical JPEG file
    > even on the exact same scanner on the next scanner pass before you
    > shift the document even a millimeter.


    Do you need to attach the JPEG to the paper document?

    If the intention is to keep a record of what you have actually *manually*
    signed, could you not do something like this:

    [1] Scan the (manually signed) document to JPEG(s).
    [2] If more than one page, zip all JPEGs to single archive file.
    [3] Digitally sign JPEG/archive with PGP.
    [4] Generate MD5SUM of PGP signature (only 32 digits to write on document)
    [5] Store file/signature away in secure location (burn to CD, etc...)

    Then, if you ever need to prove exactly what you signed, you have the JPEG
    (s) showing the state of the documents when you signed them, you have the
    electronic signature confirming the file/archive has not been tampered
    with since, and the MD5SUM of the signature matching the one written on
    the original document ties it all together.

    It is even possible, I guess, that you could get away with not doing the
    PGP signing and just using the MD5SUM of the file itself -- but that does
    not then provide the confirmation that it was *you* who performed the
    digital signature...

    Or am I missing the point? (It's possible; I'm tired!) It seems, though,
    that the point is to be able to prove what *you* signed; any form of
    "electronic" signature added to the bottom of the document would likely
    mean little to anyone else...

    Pete.

  9. Re: Using digital signatures on paper medium

    I've been thinking about this a little further...

    shirow@project7.dhs.org (shirow@project7.dhs.org) wrote in
    news:9d4e278f.0309050722.5de6c585@posting.google.c om:

    > However, the problem 2 leaves me stumped. Typical PGP ascii armor
    > algorythm certainly won't do, since it involves using upper and lower
    > case symbols with equal regularity, something a bit tricky to
    > reproduce without leaving much errors.


    Furthermore, even assuming you can easily duplicate your document
    "fingerprint", however you might choose to generate it, a PGP signature is
    probably not what you are looking for -- unless you wished to retype the
    *signature* back into the computer to confirm it. PGP-signing the same data
    (ie, the document "fingerprint") twice will generate two *different*
    signature streams.

    Again, I'm thinking that maybe an md5sum of the document's fingerprint might
    be more suitable for your purposes (and if 32 HEX characters is still too
    much to write out, I for one would probably be reasonably happy to trim that
    back to the first 8 and last 8...)

    Of course, md5sum doesn't provide the surety of having been generated by your
    private key, so YMMV...

    *shrug*

+ Reply to Thread