Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: rebol and electronic-signature ...

From: tserpa:earthlink at: 30-Apr-2003 10:00

Hi Petr, Although I'm not even close to an expert, I have recently been thinking quite a bit about how to implement this. First of all, Rebol has a great base in place for developing an e-signature tool. For comparison, take a look at how Adobe Acrobat does it and how complicated and expensive it is to use. There are a couple of server based systems that I know of, e.g. AlphaTrust, but they are very expensive (starting at $9000). I think a Rebol server-based digital signature tool could be developed rather easily and cheapily and could offer stiff competition to systems like AlphaTrust. Everything you need to know is in the Rebol encryption doc (certificates aren't really necessary - unless maybe you are trying to use 3rd party - like Verisign - ID's, but if you "trust" and know the people you are dealing with 3rd party ID's aren't necessary - you can use the keys that you generate with Rebol): These are the steps for a digital signature: Creation: 1. A message digest is created for the original document. 2. The message digest is then encrypted with the signer's private key. Verification: 1. The original message digest is decrypted using the signer's public key. 2. A second message digest of the original document is created. 3. The two message digests are compared. - If the two md's match, then the document has not been changed and the sig is valid. - If the values don't match, the data either changed (or is corrupt) or the public key does not match. After reading through the Rebol encryption doc, I think you will see that everything in this process is covered, and it is very easy to envision how all of this could be handled without any client based software (although a digital signature Reblet may be useful). I hope I didn't describe everything that you already know. Ted Serpa