Bruno Lovagi is the original developer of iText, an innovative PDF library developed into a global software company. As an active member of the ISO and PDF communities he has written several books about iText, as well as continuously working with the community for PDF functionality. When he is not working in the PDF world, Bruno spends most of his time with his wife and two sons.
In 2013, Eddie Hearns of Leafdal paid the eighth invoice sent by his contractor.
Or so he thought. In fact, the invoice was intercepted by a blocker that changed only one thing on the invoice, the contractor’s account number. Eddie paid 30,000 Euros, but the money never reached its intended destination. By the time the deception was revealed, it was too late. The bank had followed Eddie’s wiring instructions and could not withdraw the transfer. On top of that, Eddie still had to pay 30,000 euros to his contractor.
What problems does signing a document solve?
This example demonstrates the weaknesses that are inherent to our traditional view of documents. When we receive a document, whether in paper form or digitally, how do we know that the material was not tampered with? How do we know who the sender of the document is or claims to be? And, if we receive a signed agreement, how can we ensure that the person signing the document cannot claim “I have never signed that document?” Without involving a notary?
Concept 1: Cryptographic hash function
A digital document consists of a sequence of computer bytes arranged in such a way that computer programs can render them on screen, or on a printer. A cryptographic hash function can take those bytes and reduce them to a predefined length digest. Original bytes can never be reconstructed based on digestion. But if you apply the hash function in the same order of bytes, it will always result in the same digest.
Imagine a situation where documents are sent to different parties.
For example: A university sends a grade report to all its students. For confidentiality reasons, the university cannot put all of these reports online on a public server, yet other universities that receive such reports from a student who enrolls for additional study will check if the grades were not forged. Should be able to
To solve this problem, the issuing university can publish the digest of every grade report to be distributed. This collection of digest cannot be used to obtain students’ grades, but anyone who receives a digital report card can digest the bytes of the document and compare it to the digest published online happened. If both digested, the grade report was not tampered with.
Concept 2: Public Key Infrastructure (PKI)
Without going into too many details, the public key infrastructure (PKI) consists of a pair of asymmetric keys. These keys cannot be obtained from each other, but if you encrypt data with one key, you can only decrypt that data with another key. It is important that the private key remains private (usually it is stored on a physical device from which it cannot be copied); Public keys can be shared with the world.
How can we trust information in public certificates?
If the digest stored in the document matches with the digest calculated on the fly based on the document bytes, integrity is assured on the condition that the digest was successfully decrypted using the public key. We know that if both digests match, the digest was successfully decrypted, authenticating the owner of the corresponding private key as the author of the signature. This writer cannot deny that he signed the document until he could prove that his private key was stolen.
There is only one uncertainty left: how can we trust the information in the public certificate?
How can we check if the private key has not been revoked (for example: because the owner reported it to be stolen)?
All these questions are answered by a Certificate Authority (CA). A CA issues public and private keys only to parties whose identity has been fully investigated. The CA will also maintain a database of all public certificates issued, including information about the keys that were revoked.