ArchiSig

From Wikipedia, the free encyclopedia

The ArchiSig concept describes a procedure for the secure and evidentially sound long-term archiving of electronic documents in the context of German legislation. In the project “ArchiSig - Convincing and secure long-term archiving of digitally signed documents”, funded by the Federal Ministry of Economics and Labor as part of the “VERNET - Secure and Reliable Transactions in Open Communication Networks” programme, existing archiving concepts and the corresponding technologies were taken up and expanded. The project ran from July 2001 to December 2003. Its results led to the standard Long-Term Archiving and Notary Service / Evidence Record Syntax (LTANS / ERS), which was published in 2007 by a working group of the Internet Engineering Task Force (IETF).

The insight gained in the ArchiSig project that the problem of format transformation must also be solved in the course of long-term archiving led to the follow-up project TransiDoc, whose results were published at the end of 2007. It had to be clarified how it can be proven that a document in a current ISO-standardized long-term archiving format such as TIFF or PDF/A has been correctly converted into a future format, taking electronic signatures into account.

Task

Electronic documents are only conclusive as evidence in court if they carry an electronic signature. However, the evidential value of electronic documents is not guaranteed over a long period of time: digital signatures lose their evidential value over time, they “fade” cryptographically. On the one hand, the algorithms and keys used for signing lose their suitability as evidence over time; on the other hand, there is no guarantee that the certificates used can still be checked after a long period. The assessment of algorithm strengths is published in January of each year by the Federal Network Agency (BNetzA), following a proposal by the Federal Office for Information Security (BSI), which is responsible for analyzing the strengths, and after consultation with industry representatives and associations.

The lack of long-term suitability and the absence of technical and organizational recommendations had prevented documents that must retain evidential value for a long period from being exchanged, and thus also archived, electronically in areas such as the health care system and public administration. There are now several ArchiSig-compliant products on the market, so that more and more companies are relying on more efficient processes with purely electronic documents.

Solution approach

In order to achieve long-term evidential value for digitally signed documents and to integrate them into practical applications, the entire cycle from document creation, signature creation, presentation, communication and archiving through to later use must be considered. Technical components and interfaces as well as organizational concepts were specified and implemented as prototypes, taking existing standards into account.

Concepts

Several concepts were developed as part of the project. These covered:

  • the determination of which data can be used to successfully prove the authenticity of a document, and how this verification data can be integrated into signed documents,
  • the renewal of signatures through electronic archive time stamps, see the Evidence Record Syntax specification (RFC 4998),
  • the determination of the security suitability of cryptographic algorithms,
  • the transformation of existing paper documents into electronic documents with official certification.

Implementation

During the project, the Fraunhofer Institute for Secure Information Technology developed the product Archisoft on the basis of the ArchiSig concept, so that all processes from archiving through to the assessment of evidence in court could also be validated in practice. Similar products are offered by Governikus GmbH & Co. KG, OpenLimit SignCubes GmbH, Fujitsu Technology Solutions GmbH, Mentana-Claimsoft GmbH, procilon IT-Solutions GmbH, SecCommerce Informationssysteme GmbH and secrypt GmbH.

The ArchiSig products serve as add-ons to typical archive systems in order to offer ArchiSig-compliant overall solutions. The documents are stored with their signatures in the archive system and, after archiving, are handed over to the ArchiSig product together with their path (DOCID) for registration. A hash value is calculated for each data object (document or signature file) and stored together with the path in a hash tree (see ERS). The task of the ArchiSig product is to carry out the re-signing if the Federal Network Agency classifies one of the algorithms used as weak. The path is needed so that the ArchiSig product can load the document from the archive and re-hash it in the event of a re-signing. The data is typically stored in a secured SQL database.
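The registration of archived objects in a hash tree and the re-hashing when the hash algorithm is classified as weak, as an added example in Python (not code from the article or from any of the products named above; it also illustrates the signature-renewal concept listed under Concepts). The ERS tree rules are simplified from RFC 4998; the ARCHIVE dictionary, the DOCID paths and the bare root standing in for the archive timestamp are constructed assumptions.

```python
import hashlib
# Constructed sample archive: DOCID path -> stored object; hypothetical, not product code.
ARCHIVE = {
    "/archive/2007/contract-0001.pdf": b"contract text",
    "/archive/2007/contract-0001.pdf.p7s": b"qualified signature blob",
    "/archive/2007/invoice-0002.tif": b"invoice scan",
}

def _h(alg, data):
    return hashlib.new(alg, data).digest()
def _node(alg, pair):
    # ERS rule: sort sibling hashes, concatenate, hash; a lone node hashes alone.
    return _h(alg, b"".join(sorted(pair)))

def _leaf(alg, docid, prior):
    # Load the object via its DOCID path and hash it; on renewal bind it to the old evidence.
    leaf = _h(alg, ARCHIVE[docid])
    if prior:
        old = prior["root"] + b"".join(p or b"" for p in prior["paths"][docid])
        leaf = _h(alg, leaf + _h(alg, old))
    return leaf

def build_tree(alg, leaves):
    # Bottom-up Merkle tree over the leaves; root is levels[-1][0].
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([_node(alg, lvl[i:i + 2]) for i in range(0, len(lvl), 2)])
    return levels

def reduced_tree(levels, index):
    # Sibling hashes from leaf to root: the per-object part of the evidence record.
    path = []
    for lvl in levels[:-1]:
        sib = index ^ 1
        path.append(lvl[sib] if sib < len(lvl) else None)
        index //= 2
    return path

def evidence_record(alg, docids, prior=None):
    # In real ERS the root now receives an archive timestamp from a TSA; the bare root stands in.
    levels = build_tree(alg, [_leaf(alg, d, prior) for d in docids])
    return {"alg": alg, "root": levels[-1][0],
            "paths": {d: reduced_tree(levels, i) for i, d in enumerate(docids)}}

def verify(record, docid, prior=None):
    # Recompute the leaf from the archived object and climb its reduced tree.
    h = _leaf(record["alg"], docid, prior)
    for sib in record["paths"][docid]:
        h = _node(record["alg"], [h, sib] if sib else [h])
    return h == record["root"]
```

A renewed record only verifies together with the record it was chained to, which is what keeps the earlier (weaker) hash tree usable as evidence of when the objects were first registered.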

Certification

There is no certification process for either the ArchiSig concept or the LTANS / ERS standard. It is therefore a matter of trust whether one accepts a manufacturer's claim of ArchiSig / LTANS / ERS conformity on the basis of its presentations and documentation. A tried and tested approach might be to commission one of the members of the LTANS working group to carry out a conformity test of the product in question.

First case of re-signing in 2007

In February 2007, for the first time, a signature algorithm was announced as becoming weak at the end of 2008. The RSA signature algorithm with a key length of 1024 bits, which was in frequent use at the time, was affected. It was used to sign the hash value of the document with the author's personal key, which is permanently "burned" into the chip of the author's smart card. This meant that all chip cards had to be replaced by December 31, 2007, so that from January 1, 2008 signing with evidential value could continue with the new cards. Likewise, customers who recognized the need to preserve evidential value had to re-sign all previously signed documents in accordance with the Signature Ordinance (SigV). In November 2007, the hash algorithm SHA-1, which also remained in use until April 1, 2008, was announced as weak. Since in many cases the companies were not yet prepared for re-signing, the Federal Network Agency gave everyone a little more time on December 17, 2007 and extended the deadline for completion by 3 months.

The algorithms currently in use are SHA-256 for hashing documents and RSA with a key length of 2048 bits for signing the hash values. Both algorithms are expected to remain strong until the end of 2020. This means that by then at the latest, all electronically signed documents whose evidential value must be preserved have to be re-signed.

Criticism

The ArchiSig project followed the strict interpretation of the Signature Act and did not discuss any exceptions to re-signing. Critical voices hold that documents stored in a GoBS-compliant electronic archive do not have to be re-signed. The purpose of such archives is to ensure the integrity of documents. However, since a qualified electronic signature ensures not only the integrity but also the authenticity, i.e. the genuineness, of the documents to be stored, ArchiSig goes beyond the functionality of GoBS-compliant archiving systems. Re-signing only makes sense for a document that leaves the archive, e.g. to be presented as evidence in court, in the case of a migration or a transfer to a central archive.
