Digital Signatures
FAA Advisory Circular (AC120-78) Excerpts of Guidelines on the Use of Digital Signatures
Authentication.
The means by which a system validates an authorized user's identity. These may include a password, a personal identification number (PIN), a cryptographic key or badge swipe.
Digital Signature.
Cryptographically generated data that identifies a document's signatory (signer) and certifies that the document has not been altered. Digital signature technology is the foundation of a variety of security, electronic business, and electronic commerce products. This technology is based on public/private key cryptography, digital signature technology used in secure messaging, public key infrastructure (PKI), virtual private network (VPN), web standards for secure transactions, and electronic digital signatures.
Electronic Signature.
The online equivalent of a handwritten signature. It is an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by an individual. It electronically identifies and authenticates an individual entering, verifying, or auditing computer-based records. An electronic signature combines cryptographic functions of digital signatures with the image of an individual's handwritten signature or some other visible mark considered acceptable in a traditional signing process. It authenticates data with a hash algorithm and provides permanent, secure user-authentication.
Electronic Recordkeeping System or Manual.
A system of record processing in which records or manuals are entered, stored, and retrieved electronically by a computer system rather than in the traditional hard copy form.
Signature.
Any form of identification used to acknowledge completion of an act and authenticate a record entry. A signature must be traceable to the individual making the entry, and it must be handwritten or part of an electronic signature system or other form acceptable to the FAA.
FAA Guidelines.
The FAA is providing guidelines for electronic signatures, electronic recordkeeping systems and electronic manuals. The following guidelines are edited excerpts from FAA Flight Standards AC 128-70. The Government Paperwork Elimination Act (GPEA), Public Law 105-277, Title XVII, and the Electronic Signatures in Global and National Commerce Act (E-Sign), Public Law 106-229, encourage use of electronic signatures. When electronic signatures are used and accepted, electronic recordkeeping and document transfer will also be encouraged, meeting the goals of the Small Business Paperwork Relief Act of 2002.
The Office of Management and Budget (OMB), Executive Office of the President, has issued OMB Circular A-130, Management of Federal Information Resources. This document directs the FAA and other government agencies to recognize the limitations on electronic record-keeping systems due to restrictions on the use of electronic signatures. The FAA recognizes this limitation and will now permit the use of electronic signatures. Personnel may now use complete electronic recordkeeping systems because the requirement to authenticate documents with non-electronic signatures has been eliminated. Such systems may now be used to generate aircraft records (e.g., load manifests, dispatch releases, maintenance task cards, aircraft maintenance records, flight releases, airworthiness releases, and flight test reports) that can be properly authenticated with an electronic signature.
Using electronic signatures will make it easier to identify a document signer (signatory). Their use will help eliminate the traceability difficulties associated with illegible handwritten entries and the deterioration of paper documents.
General.
Before recent changes to permit the use of electronic signatures, handwritten signatures were used on any required record, record entry, or document. The electronic signature's purpose is identical to that of a handwritten signature or any other form of signature currently accepted by the FAA. The handwritten signature is universally accepted because it has certain qualities and attributes that should be preserved in any electronic signature. Therefore, an electronic signature should possess those qualities and attributes that guarantee a handwritten signature's authenticity.
Forms of Electronic Signatures.
An electronic signature may be in the following forms.
A digital signature
A digitized image of a paper signature
A typed notation
An electronic code
Any other unique form of individual identification that can be used as a means of authenticating a record, record entry, or document
Identifying Information.
Not all identifying information found in an electronic system may constitute a signature. For example, the entry of an individual's name in an electronic system may not constitute an electronic signature. Other guarantees equal to those of a handwritten signature should be provided.
Attributes of an Acceptable Electronic Signature.
First and foremost, an electronic signature must be part of a well-designed program. This program should, at a minimum, consider the following.
Uniqueness.
An electronic signature should retain those qualities of a handwritten signature that guarantee its uniqueness. A signature should identify a specific individual and be difficult to duplicate. A unique signature provides evidence that an individual agrees with a statement. An electronic system cannot provide a unique identification with reasonable certainty unless the identification is difficult for an unauthorized individual to duplicate. An acceptable method of proving the uniqueness of a signature is by using an identification and authentication procedure that validates the identity of the signatory. For example, an individual using an electronic signature should be required to identify himself or herself, and the system that produces the electronic signature should then authenticate that identification. Acceptable means of identification and authentication include the use of separate and unrelated identification and authentication codes. These codes could be encoded onto badges, cards, cryptographic keys, or other objects. Systems using PINs or passwords also are an acceptable method of ensuring uniqueness. Additionally, a system could use physical characteristics, such as a fingerprint, handprint, or voice pattern, as a method of identification and authorization.
Significance.
An individual using an electronic signature should take deliberate and recognizable action to affix his or her signature. Acceptable, deliberate actions for creating a digital electronic signature include, but are not limited to, the following:
Badge swipes
Signing an electronic document with a stylus
Typing specific keystrokes
Using a digital signature
Scope.
The scope of information being affirmed with an electronic signature should be clear to the signatory and to subsequent readers of the record, record entry, or document. Handwritten documents place the signature close to the information to identify those items attested to by a signature. However, electronic documents may not position a signature in the same way. It is therefore important to clearly identify the specific sections of a record or document that are affirmed by a signature from those sections that are not. Acceptable methods of marking the affected areas include, but are not limited to, highlighting, contrast inversion, or the use of borders or flashing characters. Additionally, the system should notify the signatory that the signature has been affixed. The user should be asked to ensure that the identified material is, in fact, what is being signed for after affixing the signature. The user also should be able to retrieve a report listing all places where his or her digital electronic signature has been applied. The FAA is not concerned with the computer technology used to accomplish the above tasks. Instead, the FAA concern is with the accuracy of the record and that the signatory is fully aware of what he or she is signing.
Signature Security.
The security of an individual's handwritten signature is maintained by ensuring that it is difficult for another individual to duplicate or alter it. An electronic signature should maintain an equivalent level of security. An electronic system that produces signatures should restrict other individuals from affixing another individual's signature to a record, record entry, or document.
Non-repudiation.
An electronic signature should prevent a signatory from denying that he or she affixed a signature to a specific record, record entry, or document. The more difficult it is to duplicate a signature, the likelier the signature was created by the signatory. The system's security features that make it difficult for others to duplicate signatures or alter signed documents usually ensure that a signature was indeed made by the signatory. Many off-the-shelf computer software packages, such as Adobe Acrobat, contain a self-sign utility. Although such computer software can provide an electronic signature for individuals or a group of individuals participating in an electronic signature program, a self-sign utility by itself cannot be used for the purposes detailed in AC 120-78 for aircraft operational and maintenance records. However, it can become the basis of a digital signature program meeting the requirements of AC120-78 if the public and private keys are issued and controlled by a trusted third party.
Traceability.
An electronic signature should provide positive traceability to the individual who signed a record, record entry, or any other document.
Adobe Acrobat Digital Signature and Security.
The following information will help you understand the use of digital signatures and the levels of security for Adobe PDF Documents. You must have a copy of Adobe Acrobat 5.0 or Adobe Approval 5.0 with its user documentation to access the features and functions as described below.
The digital signatures features.
Acrobat offers much more than the ability to "sign" a document to indicate that you have read and approved it. For example:
You can digitally sign a document to ensure that any changes you make to the document are preserved. If any changes are made to the document after you sign it, you can roll back to recover the version that you signed.
You can verify another person's digital signature to verify that their signature is authentic. The verification process uses a user certificate that the signer makes available to you.
You can review all the signatures on a document in the Signatures palette, you can retrieve any signed version of a document, and you can use the Compare Two Versions Within a Signed Document command to compare different versions of a signed document.
You can create different identities (digital signatures) for yourself if you handle documents in more than one capacity.
NOTE: An encryption feature also allows you to encrypt a PDF document for distribution to selected recipients.
A digital signature, like a conventional handwritten signature, identifies a person or entity signing a document. Unlike traditional signatures on paper, however, each digital signature stores information "behind the scenes" about the person signing and about the exact state of the document when it was signed.
What your signature looks like.
A digital signature can have any one of several formats--a handwritten name, a logo or other graphic, or simply text explaining the purpose of the signing. Depending on your signature handler, a signature may even be invisible. (It is important to remember that the appearance of a signature is just its representation on the page and is not the actual electronic signature information.)
Signature formats
A. Text signature
B. Graphic signature
C. Handwritten name signature
Signing a document.
Before you can digitally sign a document for the first time, you must choose a signature handler (if you have more than one installed). If you haven't installed any additional signature handlers, Acrobat Self-Sign Security will be used as the default signature handler. If Acrobat Self-Sign Security is your signature handler, you must also create a password-protected profile within the signature handler before you can sign.
Verifying someone else's signature.
When you receive a document signed by a third party, you should verify the signature to ensure that the document was indeed signed by that person and has not been altered since it was signed. To verify the signature of a third party, you need to import their user certificate. They can e-mail you their user certificate, or they can store it in a shared folder from which you can copy it. Similarly, if you send a signed document to a third party, you should e-mail them a copy of your certificate so that they can verify your signature. Alternatively, you can put a copy of your certificate in a shared folder.
Checking a document for changes made since it was signed.
Once a document is signed, any changes made since the signing are recorded in the Signatures palette. You can track changes made between signings using the Signatures palette or by comparing signed versions of the document.
Comparing versions of signed documents.
You can easily see changes made between two signed versions of a document using the Compare Two Versions Within a Signed Document command. Acrobat will display the pages of the document side-by-side and highlight the differences between the two documents.
Selecting a signature handler.
The digital signatures feature in Acrobat uses a signature handler plug-in. You add, verify, and manage your signatures using commands and tools in the Acrobat interface, but the signature handler plug-in determines the nature of the signatures--their appearance on the page, the exact information stored in them, and the attributes and method used for their verification. The flexibility of this structure allows you to use whichever signing method your company or regulations require, with Acrobat providing a consistent and convenient front end. Acrobat comes with the default signature handler Acrobat Self-Sign Security for basic signing purposes. Self-Sign Security is included in the default Acrobat installation. Third-party signature handlers are available for custom installation (Windows). See the Adobe Web site (http://www.adobe.com).
About Acrobat Self-Sign Security.
Acrobat Self-Sign Security, the default Acrobat signature handler, provides a quick and easy method of signing documents using a private/public key (PPK) system to verify the authenticity of signatures and the integrity of signed document versions. (This is a direct-trust system.) You can also use Acrobat Self-Sign Security to encrypt PDF files. In Acrobat Self-Sign Security, each signature is associated with a profile that contains unique security data--a private key and a public key. The private key is a password-protected numerical value that allows the user to sign a document. The public key is embedded in the digital signature and is used to mathematically verify digital signatures when the signatures are verified. The private key encrypts a checksum that is stored with a signature when you sign; the public key decrypts the checksum when you verify. (Acrobat Self-Sign Security uses the RSA algorithm for generating private/public key pairs and the X.509 standard for certificates.)
Because other users must have access to your public key to verify your signature, your public key is contained in a certificate that can be shared. This system of sharing certificates used by Acrobat Self-Sign Security is referred to as direct-trust, which means that you share directly with other users rather than going through a third-party agent.
Note: Acrobat Self-Sign Security does not include a public-key infrastructure with third-party certification and is not intended to serve all signing purposes. See the Security folder on the Adobe Web site (http://www.adobe.com) for information on signature handlers with more advanced features.
Setting up profiles in Acrobat Self-Sign Security.
Before you can sign documents with Acrobat Self-Sign Security, you must set up a profile--a password-protected file--containing your name, your password, and other basic attributes. You may want to create more than one profile if you sign documents in different roles.
Creating Acrobat profiles.
Your profile file stores your private key (encrypted), your public key (wrapped in a certificate), your list of trusted certificates (certificates of other users), and a time-out value representing when a password is required for signing. The name of the file is the profile name you provide, plus the extension .apf.
Adding graphics to signatures.
You can use a picture or a combination of graphics and words as your digital signature. You might want to include a logo or use an image of your handwritten signature. The amount and type of information that can be contained in a digital signature also means that it can meet legal requirements.
Working with signatures.
A document in Acrobat can be signed more than once and by more than one person. The first time a document is signed, it is saved in an append-only form of Adobe PDF that can be appended to but not altered. Every time the document is signed after that, the new signature and any changes made since the preceding version are appended to the file. When you view a document with more than one signature, you're viewing the most recent version, but you can open an earlier version in a separate file and compare the two versions to see changes between them. In Acrobat 5.0, the digital signatures feature enables your signature handler to add digital signatures to PDF files, supports the Signature navigation pane, gives access to all the signatures in a document, and supports the Compare commands.
Important: Because a document is saved in append-only form the first time it is signed, you can only append changes to the file (using Save As); you cannot do a full save (using Save). A full save will invalidate all signatures.
Logging in to a profile.
You need to be logged in to your profile before you can sign documents or verify signatures. If you sign a document using the digital signatures feature or the digital signature tool, you will be prompted to log in to your profile (if you have not already done so) before you can sign the document.
About signature fields.
When you sign a document, your signature and the related information are stored in a signature field embedded on the page. A signature field is an Acrobat form field. You can add a signature field to a page as you sign, or you can use the form tool to create an empty signature field that can be signed later. When you create a signature field with the form tool, you can have Acrobat execute a script or lock all fields in the document when it is signed. You can also customize the field in several other ways.
Note: If you're signing an existing field, be aware that the document author may have put duplicates of the field on other document pages. For example, sometimes a field is copied to the same place on every page. You need to sign the field only once, and your signature will appear in all occurrences of the field. This is sometimes done to allow quick initialing of every page in a document.
Adding signatures to a document.
You can sign a document in several ways, both visibly and invisibly. Invisible signatures do not appear in the document, but they are visible in the Signatures palette.
Note: If you delete a page that carries a signature, visible or invisible, the signature is deleted also.
When you add a signature with Acrobat Self-Sign Security as your signature handler, your signature is verified automatically. Adding a signature does not affect the verification status of existing signatures in the document.
Adding signatures to a document in a browser.
Signing a document in a browser as opposed to in Acrobat is slightly different. When you sign a document in a browser, only the incremental portion of the file is saved to your hard drive. (You will notice that there is a Sign rather than a Save or Save As button when you sign the document.) To save a copy of the signed document, you must save the copy in the browser to your hard drive.
Verifying signatures.
When you verify a signature that was added with Acrobat Self-Sign Security, Acrobat can confirm the authenticity of the signature in two ways:
Acrobat checks to see that the document and the signature have not been altered since the signing.
If you are logged in to a profile and have the signer's user certificate in your profile's list of trusted certificates, Acrobat compares information in the signature against the certificate to verify the identity of the signer.
You can view a signature's verification status on the document page and in the Signatures palette.
Deleting signatures and clearing signature fields.
You can remove a signature totally or you can clear a signature field (that is, delete the signature but leave the empty signature field). As with other edits you make to a signed document, this adds another version to the document without altering earlier versions. Another user can roll back to an earlier version to see the original signature.
Tracking digital signatures in the Signatures palette.
The Signatures palette lists all the signatures in the current document (with their status), in the order they were added. You can collapse a signature to see only a name, date, and status, or you can expand it to see more information.
Viewing earlier versions of a signed document.
If a document is signed more than once, Acrobat maintains all of the signed versions in a single Adobe PDF file. After the first time a document is signed, and each time the document is signed, a version is saved as append-only to ensure that it will not be altered. All signatures and the versions of the document corresponding to those signatures are listed in the Signatures palette.
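The append-only versioning described above can be inspected directly in the file. This added example (not Adobe's code) goes beyond the text by assuming the standard PDF incremental-update layout, in which every save ends with `%%EOF` and each signature dictionary carries a `/ByteRange` naming the bytes it covers; the sample file is a constructed skeleton, and the signature value itself is not checked.

```python
import re

EOF = re.compile(rb"%%EOF[\r\n]*")
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SIG_FMT = b"<< /Type /Sig /ByteRange [0 %010d %010d %010d] /Contents "

def revision_ends(pdf):
    """Byte offset where each saved revision ends (every save writes its own %%EOF)."""
    return [m.end() for m in EOF.finditer(pdf)]

def signature_report(pdf):
    """For each signature: the revision it covers and how much was appended afterwards."""
    ends = revision_ends(pdf)
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        start, _, after_hole, tail_len = map(int, m.groups())
        covered_end = after_hole + tail_len        # file length at signing time
        report.append({
            "covered_end": covered_end,
            # None means the covered range no longer lines up with a revision
            # boundary, which is what a full rewrite of the file produces.
            "revision": ends.index(covered_end) + 1 if covered_end in ends else None,
            "covers_from_start": start == 0,
            "appended_bytes": len(pdf) - covered_end,
        })
    return report

def signed_version(pdf, index):
    """Roll back: the exact bytes that existed when signature `index` was applied."""
    return pdf[:signature_report(pdf)[index]["covered_end"]]

def signed_revision(previous, obj_header):
    """Constructed helper: append a signed revision with a consistent /ByteRange."""
    hole = b"<" + b"00" * 8 + b">"                 # placeholder signature value
    tail = b" >> endobj\n%%EOF\n"
    start = len(previous) + len(obj_header) + len(SIG_FMT % (0, 0, 0))
    after = start + len(hole)
    return previous + obj_header + SIG_FMT % (start, after, len(tail)) + hole + tail

# Constructed sample: original save, first signature, an edit, second signature.
ORIGINAL = b"%PDF-1.3\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
SIGNED_ONCE = signed_revision(ORIGINAL, b"2 0 obj ")
EDITED = SIGNED_ONCE + b"3 0 obj << /Note (edited after signing) >> endobj\n%%EOF\n"
SAMPLE = signed_revision(EDITED, b"4 0 obj ")

if __name__ == "__main__":
    for i, sig in enumerate(signature_report(SAMPLE), 1):
        print(f"signature {i}: revision {sig['revision']}, "
              f"{sig['appended_bytes']} bytes appended since signing")
```

A non-zero `appended_bytes` on the last signature means the file changed after the final signing, and a `revision` of `None` means the signed byte range no longer matches any saved version.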
Managing user certificates.
Your user certificate contains a public key that is used to verify your digital signature. Before other users can verify your signature on documents they receive, they must have access to your user certificate. You should build a list of user certificates that you use often.
Sharing your user certificate.
You can share your user certificate with others by exporting your certificate (as an FDF file) to a key file or by e-mailing your certificate directly. Users can also import your user certificate from verified signatures in a document.
Getting information on certificates.
You can open a dialog box to view user attributes, verification parameters, and other information on a particular certificate. The dialog box is not editable, but you can copy text from it. The distinguished name (DN) is the name, organization, and country that the user provided when they created the profile. In Acrobat Self-Sign Security, the user DN and the certificate issuer DN are the same because a certificate is always issued by the user rather than by a third-party authority.
The fingerprint information can be compared for two users when importing a certificate to make sure the certificate came from the user it represents. The serial number is a unique number that ensures no two certificates from the same DN can be identical.
The validation period specifies a span of time in which the certificate is valid. It begins with the date and time the certificate was created.
Building a list of trusted certificates.
You can keep a copy of other users' certificates in a list of trusted certificates so that you can verify the signatures of these users on any documents you receive. You add another user's certificate to your list of trusted certificates by importing the certificate from an Acrobat key file or from a PDF document signed by another Self-Sign user.
Important: The format of the Acrobat key file is specific to Self-Sign Security; you cannot import user certificates from key files created by other applications.
Acrobat Self-Sign Security provides unique fingerprint information for each certificate to help you ensure the certificate's authenticity when you import it.
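The two verification checks and the role of the fingerprint in a direct-trust system can be seen in a small model. This is an added example, not Adobe's code: it uses textbook RSA over a SHA-256 checksum with no padding, a dictionary in place of an X.509 certificate, and constructed toy keys, all of which are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_profile(dn, p, q, serial):
    """Toy stand-in for a profile: a private exponent plus a self-issued certificate."""
    n, phi = p * q, (p - 1) * (q - 1)
    # Self-signed: the issuer DN is the user's own DN, as the page describes.
    cert = {"subject_dn": dn, "issuer_dn": dn, "serial": serial, "n": n, "e": E}
    return {"d": pow(E, -1, phi), "cert": cert}

def fingerprint(cert):
    """Digest over every certificate field, including the public key."""
    blob = "|".join(f"{k}={cert[k]}" for k in sorted(cert)).encode()
    return hashlib.sha256(blob).hexdigest()

def checksum(doc, n):
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n

def sign(profile, doc):
    """Private-key operation on the checksum; the certificate travels with the signature."""
    cert = profile["cert"]
    return {"value": pow(checksum(doc, cert["n"]), profile["d"], cert["n"]), "cert": cert}

def verify(doc, sig, trusted_fingerprints):
    """Return (document_unaltered, signer_identity_verified)."""
    cert = sig["cert"]
    # Check 1: the public key embedded in the signature recovers the checksum.
    unaltered = pow(sig["value"], cert["e"], cert["n"]) == checksum(doc, cert["n"])
    # Check 2: the embedded certificate is one the verifier already trusts.
    identity = unaltered and fingerprint(cert) in trusted_fingerprints
    return unaltered, identity

def mersenne(k):
    return 2**k - 1

# Constructed sample data. The primes are Mersenne primes, used only so the
# example needs no key generation; keys built this way are not secure.
DN = "cn=Alice Example, o=Example Air, c=US"
ALICE = make_profile(DN, mersenne(521), mersenne(607), serial=1)
# A second profile created by someone else under the same name and serial.
IMPOSTOR = make_profile(DN, mersenne(1279), mersenne(2203), serial=1)
# The verifier confirmed Alice's fingerprint with her directly before importing.
TRUSTED = {fingerprint(ALICE["cert"])}
DOC = b"Maintenance task card 42: torque check complete"

if __name__ == "__main__":
    print("genuine :", verify(DOC, sign(ALICE, DOC), TRUSTED))
    print("altered :", verify(DOC + b" (edited)", sign(ALICE, DOC), TRUSTED))
    print("same DN :", verify(DOC, sign(IMPOSTOR, DOC), TRUSTED))
```

The third case passes the integrity check because the signature carries its own public key; only the fingerprint comparison against a certificate obtained from the real signer separates it from the genuine one.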
Setting Acrobat Self-Sign Security preferences.
You can choose to encapsulate your signature in the standard PKCS#7 format for compatibility with other signature handlers.
Encrypting PDF files.
Acrobat Self-Sign Security encrypts PDF files, allowing you to securely share those files with a list of recipients you define. You must have a Trusted Certificate for each recipient to whom you want to send your encrypted file. You can also define the recipient's level of access to the file--for example, whether the recipient can edit, copy, or print the files. You should be sure that the certificate is intended for encrypting PDF files. This will be the case if the certificate comes from the Self-Sign Security plug-in on the recipient's machine. However, if you import a certificate from any p7c file into the Self-Sign list of trusted certificates, the private key that corresponds to this certificate may not be accessible from the recipient's Acrobat program.





