
I would like to print pre-signed documents with a verifiable OTP on it.

I'm a web/system developer, crypto and security enthusiast. Somehow, I'm now the head of HR in a hotel in Congo. As an IT guy, I want to do the most with less work, so for instance I've developed an intranet that automatically generates the required certificates (employer's certificates, training certificates, ...), with my own signature + company's stamp on it, as PDF.

For now, I'm the only one authorized to generate "pre-signed" documents, but it's not hard to scan and crop a document to extract this area, so I'm looking for a way to paste (inside the signature area) something like an OTP to be able to control the validity of a document.

For instance, we assign a given ID to a document, and assign a given OTP-like to the signature on that same document. Then, for anyone in the company, it will be possible to check on the intranet a given ID which will lead to the associated OTP (or the other way around).

Now my question is what would be the best non-guessable way to implement it? UUIDs and/or a cryptographic signature seem to be logical choices, but too long (to paste in the signature area) IMO. Any idea?

Thank you for your help.

PS: I specify "Congo" above because there is currently NO LAW about numeric documents. Everything has to be printed, signed and acknowledged.

Max13

1 Answer


Before answering the question itself, one thing:
Don't do it, because there is a huge flaw in your thinking.

If your boss comes to you with a faked document with your copied hand-written signature, and asks you why you did this, how will you convince him that the document was not made by you, with malicious intentions? The digital signature software is solely made and used by you => If you can't be trusted, the software can't be trusted, and vice versa. If the software tells the boss "that's wrong", it could either be true or a continuation of your lies. Assuming the boss is not stupid, you can't convince him that you did nothing wrong. ... It's a bit like self-signed HTTPS certificates. "I guarantee that I am honest". Well...

...

If you still want to do it:

Assumption: You're properly protecting your system against unauthorized access, and you don't plan to give others access to create / store documents.

UUIDs are not better than crypt. signatures, so I won't talk about them at all.

A crypt. signature without online storage of the whole document:
TL;DR: Some fallacies, and tedious in the best case.
You don't have to print the signature in the place where the hand-written signature is, it can be anywhere on the paper. And if done right, it's secure, but there is a fallacy whole governments get wrong:
Don't sign the binary content of a file. If you do, the paper document can't be verified, because scanning won't get you 100% the same file again. (And there's the problem of inserting the signature in the document after signing = changing the document...).
You need some process to sign only the core content. And to verify, someone needs to retype everything in the computer, without any error.

Crypt. Signature with online storage is better, but...

If you have the document online, you can just print a link to the online version, and to verify, the reader can compare it with the paper version visually. No need for any signature.

deviantfan
  • Thanks a lot for your answer. I agree with the first part, if a document is issued with my hand signature (matching id/signature id), then I had issued this. Your second suggestion is a great idea. I'm facing this problem because an embassy came to check with us faked employee's files, the company stamp was copied/pasted but the signature wasn't one of our directors. Nothing prevents a so-called employee from scanning my signature. If there is a flaw in my thinking, is there another way? Thank you for your suggestion. – Max13 Nov 14 '16 at 12:24
  • @Max13 `is there another way?` Without having some really trustworthy person/entity somewhere (trusted by you, your boss, etc.), no. – deviantfan Nov 14 '16 at 20:57
  • Currently, I'm considered 100% trustworthy. After some thoughts, I wonder if the `flaws` you mentioned are important after all. Actually, if we're paper only, the issue is the same, there is no difference between a falsified document, and a real one that I'm claiming I didn't write. The problem doesn't exist with me but could if I'm replaced. I think your last suggestion is the best, but can you tell me (or link) what a Crypt. Signature is? – Max13 Nov 15 '16 at 12:57
  • `Actually, if we're paper only, the issue is the same, there is no difference between a falsified document, and a real one that I'm claiming I didn't write` True, but well, paper always is insecure. But apparently I did go overboard with my attack scenarios: If you're satisfied with protecting documents from external forgery, but not from internal one, the last sentence in the answer is enough: ...contd. below – deviantfan Nov 15 '16 at 13:20
  • ... Links on the paper, linking to an online version of it; server properly protected from hacking, and the only people able to add docs are you and maybe other trusted employee. If necessary, print a randomly generated password on the paper too, and limit the tries on the server, so that unrelated persons can't view everything. – deviantfan Nov 15 '16 at 13:21
  • `If you're satisfied with protecting documents from external forgery, but not from internal one` currently it's enough. Other suggestions from others are welcome for the record. Thanks – Max13 Nov 15 '16 at 13:27
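
The scheme the thread settles on (a document ID printed on the paper, a short randomly generated code beside it, and a limit on wrong tries at the server) can be sketched as follows. This is an added example, not code from either poster; `DocumentRegistry`, the `D000001` ID format, the code length and the in-memory storage are all assumptions made for illustration.

```python
import hmac
import secrets

# Crockford-style alphabet: no I, L, O, U, so a printed code is hard to misread.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
CODE_LEN = 10          # 10 symbols * 5 bits = 50 bits of randomness
MAX_FAILURES = 5       # wrong tries allowed per document ID before lockout


class DocumentRegistry:
    """In-memory stand-in for the intranet's document table (hypothetical)."""

    def __init__(self):
        self._docs = {}      # doc_id -> {"code": str, "summary": str}
        self._failures = {}  # doc_id -> number of failed attempts so far

    def issue(self, summary):
        """Register a document; return the (doc_id, code) pair to print on it."""
        doc_id = f"D{len(self._docs) + 1:06d}"
        # secrets draws from the OS CSPRNG, so the code cannot be predicted
        # from the ID, the issue date or previously issued codes.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        self._docs[doc_id] = {"code": code, "summary": summary}
        return doc_id, code

    def verify(self, doc_id, typed_code):
        """Return the stored summary if the code matches, else None."""
        if self._failures.get(doc_id, 0) >= MAX_FAILURES:
            return None  # locked until an administrator resets the counter
        record = self._docs.get(doc_id)
        # Normalise what a person typed from paper: case, spaces, dashes.
        typed = typed_code.upper().replace("-", "").replace(" ", "")
        # Compare against a dummy for unknown IDs so both paths do equal work.
        expected = record["code"] if record else "?" * CODE_LEN
        if record and hmac.compare_digest(typed.encode(), expected.encode()):
            return record["summary"]
        self._failures[doc_id] = self._failures.get(doc_id, 0) + 1
        return None
```

The verifier should display the stored summary (or the stored PDF) so the reader can compare it with the paper in hand; a matching code alone only proves that the ID/code pair was copied correctly.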