Signing & Encryption

ubi:signer Digital Documents Signing, Encryption and Validation

In cases of documents communication, digital signatures and public key cryptography is utilized to reassure data integrity and non‐repudiation. Using these technological principles, ubi:signer enables the sender of the document to authenticate himself/herself to the receiver (so the receiver knows that it is really the sender who sent the message).

Digital Signing

In order to send a document, the sender utilizes the signing functionality of ubi:signer so as to apply his/her own digital signature to the document, using his/her private key to encrypt a digest of the document and append it to the actual document. At the receiving end, the reverse procedure is followed, according to which the document is separated from its hashed digest. Then, the document is also hashed and the digest is decrypted using the public key of the sender. If the two hashes are identical, the signature is valid. For the purposes of digital signing, the users of ubi:signer have to use a pair of personal public-private keys, stored in a hardware security module (like a USB stick or smart card). The public keys of the users exist in the form of digital certificates, which are digital documents that bind these public keys to the actual owner signed by a certification authority.

Encryption

In order to reassure data privacy, ubi:signer adopts an asymmetric encryption approach using the pair of public-private keys of the receiver. In particular, ubi:signer allows end-users to encrypt, store and exchange documents using the public key of the receiver. These documents can only be decrypted by the holder of the paired private key (i.e. the receiver), in order to ensure that documents sent are only accessed by the authorized person, who holds the paired private key.

Technical Characteristics

ubi:signer constitutes a custom-made software for documents digital signing and encryption, employing the Java Web Start technology that is a helper application that is associated with a Web browser and enables standalone Java software applications to be deployed on the Web. When a user clicks on a link that points to a special launch file (i.e. a JNLP file), it causes the browser to launch Java Web Start, which then automatically downloads, caches, and runs the given Java‐based application. The entire process is completed without requiring any interaction of the user, except for the initial single click. From a technology standpoint, Java Web Start inherits a number of key benefits to ubi:signer:

  • fully automated, Web‐centric distribution and installation of Java 2 applications, applets, and extensions based on the JNLP.
  • resource caching: application components are cached automatically on the client’s machine.
  • browser independence: applications are executed outside of the browser process and can also be launched directly from the desktop.
  • JVM [Java Virtual Machine] independence: a pre‐requisite virtual machine implementation and version can be specified and, if not already present on the client’s machine, they are downloaded and installed automatically.
  • transparent updating: versions of cached application resources are checked against those hosted on the Web server. Newer versions are downloaded and installed automatically.
  • Incremental updates: only new or modified classes and resources need to be uploaded to the client’s machine.