Digital / e-Signature

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
For some new stuff I want to do, I need to sign documents electronically. That means I have to get a DSC - I guess this stands for Digital Signature Certificate. There are a handful of CAs providing them here (empowered / empaneled by the gormint). The weird thing is they all talk about Internet Explorer and Netscape.

One CA's website says IE 5.5 or 6 or Netscape Communicator 4.7x, 4.8, 7.x is required and an Intel-based PC, 866Mhz Pentium or faster + 128MB RAM! Unholy shite!

I've sent them all nasty emails asking what era they're living in. But the wholesale reliance on these two browsers leaves me shocked. Chrome is nowhere in the picture, and I'd think it is probably the most proactively managed (from a security standpoint) of all the browsers.

This is all very troubling especially when W10 has introduced Edge. Is IE still available for W10 and will it work in W10?

Would Mozzarella Firefox be considered to be Netscape?

Too many inflection points in my life right now :crap: :confused:

Jaded as I am, it is amazing that there's still stuff out there that blows my mind.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
I suspect there might be newer definitions and legal standards for that stuff and the problem relates to the search terms you're using, but then I also know my state has electronic service's that still mandate IE, so... Maybe?
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Do you have to buy in-country?
I believe so. It has to be gormint approved. Waiting to hear back, hopefully today. Some of them insist on a USB hardware token - an encrypted flash drive. Nobody talks of what will happen if it fails (fortunately I've never had a flash drive fail on me so far, but my usage is very low). I am unclear on how the whole thing works. All of them prefer IE; I guess the certificate gets stored in the browser (or the registry).

In any case I'll need to somehow back it up in case the HDD crashes or whatever.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
Load the certificates module into mmc to look at your personal or computer certs.
The USB device sounds like the devices we've had to leave installed to license some specialized software. No stick, no license. Hard to understand how that would work unless they also make you install particular software.
Our digital signature solution was appliance based and AD aware so I may run out of hints pretty quickly.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
What's mmc? You lost me there.

No replies from any of the CAs to my queries. This is really frustrating.
 

LunarMist

I can't believe I'm a
Joined
Feb 1, 2003
Messages
15,268
Location
USA
Can you do this with Adobe eSign (Echosign)? That resolved a ton of complaints from third parties about web-based approvals.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Thanks Handy.

Lunar, I think not, I can only use a locally approved Certificate Authority.

Howell, I think I'll be constrained to implement it the way the CA dictates. I'll post back once everything happens; probably a few more business days.
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,197
Location
USA
I admit ignorance in certificats so if this suggestion has nothing to do with this I apologize. Would using the Let's Encrypt utility help you generate a free CA?

https://letsencrypt.org/
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I think his problem it's only partially technical, but mostly political/policy. Some US CAs offer free certs for personal use but if the recipient does not trust (in a psychological sense) your CA then it is not sufficient for the purpose.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Handy, what Howell said. The Ministry of Company Affairs will accept a Digital Signature only when the corresponding certificate is issued by a list curated by it. It's not frightfully expensive, but - a) the obsolete hw/sw they list on the website and b) the cumbersome process of providing validated documentation - are what irk me.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
I recently had to dig into the cert wormhole here (when you want a piece of "The Cloud" hosted locally you get into all kinds of mess). At the end of the day I had the vendor providing the software deal with it.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
I have my e-sig. The certificate is on a protected / special type of USB flash pen drive.

The good news:
While the e-sig can be used for a variety of purposes, at present my only need is to comply with Ministry of Company Affairs requirements. All hail the Gods, the MCA website supports the following:
- Internet Explorer Version 9 or above
- Firefox Versions 24 or above
- Chrome Version 33 or above

Not current, but not stone age either. And, choices other than IE!

The bad news:
- JRE (Java Runtime Environment) - JDK1.6u30 and above required

My immediate need is a one-time use of the e-sig. I am planning to install JRE 8u73 (the latest available) on W7, finish my work with the MCA, then uninstall it. As and when I have time, I will probably create an XP or W7 VM with Java installed for use with the MCA in future.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Today I received good news by email; a nearly 4-month long odyssey ended successfully.

I faced innumerable obstacles created by apathetic bureaucrats and a whole lot of missing info.

1. An e-form I had to fill had a bug in its design that a govt. department refused to acknowledge or fix. Complaints raised on their website were summarily closed with vague explanations that had nothing to do with the problem. I finally got around this with some monkey business that I have to fix in a few months by filing an amendment to my info.

2. Since it was my first time with digital signatures, I had no idea how to use it; the form had a box I was supposed to click, and when I did, nothing happened. I was advised to uninstall and reinstall specific older versions of Acrobat reader (ver. 11.0.04) and Java runtime (ver 7 update 67). I was able to get hold of the former from oldversion.com (bless them) and the latter required registration with Oracle, including mandatory company name etc. which I had to cook up. Bastards. Fortunately they have all the old versions listed there. I am told the digital signature certificates rely on Java, but it comes with zero documentation. I got this far only because of a constant dialogue with someone who does this for a living.

3. Once #2 was in place, still no cigar. This was because of peculiar form design; there are two sections, one for me, one for the professional (CPA types) who have to attest my application. My digital signature box was at the end of my section, as one would expect, and the digital signature box for the professional was at the end of their section. Again, ONLY because of advice from someone who knew this particular form, I found out that I had to fill out my section, email it to the professional who had to fill out his section and email it back to me, then I was able to digitally sign, then I had to email it back to him for his digital signature, then he emailed it back to me for upload to the govt. website! I could never, ever have figured out such convoluted, idiotic design by myself! May the person(s) who designed this form roast in hell for eternity.

The upside to all this effort is that 1. mission accomplished and 2. I know (sorta) how to digitally sign now.

:drnk:

So now my W7 installation is the buggered version with the old Acrobat Reader and JRE installed. My W10 is now my daily-use system, with the W7 reserved for digital signatures and funky requirements.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
On second thought: should I upgrade my W7 to W10? I need to be on IE 11 or earlier, and the old versions of Java and Acrobat.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
20,329
Location
I am omnipresent
Website
s-laker.org
Windows 10 does have IE11 and there's nothing that would prevent you from having crappy old versions of Java or Acrobat. If nothing else, you can upgrade and back out of it, just to have the license.

I'm getting second-hand angry about the whole ordeal involved in doing this. It shouldn't be that hard.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Thanks Merc. I need to be careful since my W7 dual boots with W10, and I can't afford to screw up either one of them.
 
Top