[REBOL] Re: rebol and electronic-signature ...
From: tserpa:earthlink at: 30-Apr-2003 10:00
Hi Petr,
Although I'm not even close to an expert, I have recently been thinking
quite a bit about how to implement this. First of all, Rebol has a great
base in place for developing an e-signature tool. For comparison, take a
look at how Adobe Acrobat does it and how complicated and expensive it is to
use. There are a couple of server based systems that I know of, e.g.
AlphaTrust, but they are very expensive (starting at $9000). I think a
Rebol server-based digital signature tool could be developed rather easily
and cheapily and could offer stiff competition to systems like AlphaTrust.
Everything you need to know is in the Rebol encryption doc (certificates
aren't really necessary - unless maybe you are trying to use 3rd party -
like Verisign - ID's, but if you "trust" and know the people you are dealing
with 3rd party ID's aren't necessary - you can use the keys that you
generate with Rebol):
http://www.rebol.com/docs/encryption.html
These are the steps for a digital signature:
Creation:
1. A message digest is created for the original document.
2. The message digest is then encrypted with the signer's private key.
Verification:
1. The original message digest is decrypted using the signer's public key.
2. A second message digest of the original document is created.
3. The two message digests are compared.
- If the two md's match, then the document has not been changed and the
sig is valid.
- If the values don't match, the data either changed (or is corrupt) or
the public key does not match.
After reading through the Rebol encryption doc, I think you will see that
everything in this process is covered, and it is very easy to envision how
all of this could be handled without any client based software (although a
digital signature Reblet may be useful).
I hope I didn't describe everything that you already know.
Ted Serpa
