Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: rebol and electronic-signature ...

From: petr::krenzelok::trz::cz at: 30-Apr-2003 19:52

Ladislav Mecir wrote:
>Hi Pekr, > >>simple question - for e-business automation purposes, our law allows to >>replace paper invoices by electronically delivered once, but such data >>has to be electronically signed (hopefully not encrypted). So I would >>like to ask, if Rebol/Command is able to somehow investigate the >>certificate, check it and to send electronically signed documents. >> >>I am not sure I understand the issue correctly, but am I correct that >>electronic signature is "just" public key file attached to the end of >>the email? >> >> > >According to the czech law the electronic signature isn't "just" a public key file attached to the end of the email. To be recognized as an electronic signature, it has to be registered. >
yes .... I am now pressed for the time, so I haven't read all the answers properly yet, but it works as follows: - there is so called Certification Authority - independent, trusted party, which you ask for generating you a certificate - let's say your company wants to send me e-signed invoice - you tell me what CA you use, and I have to install their Certificate - you send me e-signed (beware - e-signed does not necessarily mena encrypted) stuff - I extract key from the message body and check against installed CA, if you are valid partner to deal with 1) here you can imput your e-mail adress, and CA Czechia will send you an example email - you can look at message source in your favourite mailer. In Mozilla and Outlook, you will find special icon, which will enable you to see certificate tree - 2) and here you can see ROOT CA Czechia Certificate, CA Czechia certificate - try following link - print read and try to press it as a link from your browser - as you can probably see - browsers know how to parse it - you will be able to accept it and see its structure. I called Czechia Tech support and they told me OpenSSL was used + some OS services or so. Now the question is - if browsers know how to parse it into structure, why Command can't? Maybe that is exactly what Command docs note is about - it can handle certificates internally, but does not expose the info .... in such case though, Command misses one fine area of possible usage - apps for e-signed communication ... ... or am I still missing something? :-) Cheers, -pekr-