Digital Signature and iSeries?

[Martin Stoeberl]

Hi together!

I'm searching informations about iSeries and digital signature,
especially about signing documents like pdf's or fax. One software I
found is Direct Fax from Toolmaker for creating digitally signed fax
output. Someone know's a similair software for pdf's? We use infoprint
to create our pdf's, so we have to modify the pdf's after creation.

cu
Martin

[René H. Hartman]

Maybe Signature995 might help you out?
www.signature995.com
However, this would be hard to automate, since it's a PC based package,
but it does allow you to sign PDF's (among other files) after their
creation. Don't know about native PDF signing software for iSeries.

--

"Martin Stoeberl" <martins...@gmx.de> schreef in bericht
news:d1neeb$krg$00$1...@news.t-online.com...

[Madcap]

Hi Martin,

I think you need Digital Certificate Manager. You might want to visit
the iSeries Info Center...

http://publib.boulder.ibm.com/pubs/html/as400/infocenter.html

...and search for "Digital Certificate Manager". The link for
V5R3/English is:

http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/index.htm

It will list the requirements and capabilities of DCM. I believe all
the required components are free products:

Digital Certificate Manager (5722SS1 option 34)
TCP/IP Utilities (5722TC1)
Cryptographic Access Provider 128-bit (5722AC3) AC1 or AC2 also
available
IBM HTTP Server (5722DG1)

Good luck!

-Kerry

[Martin Stoeberl]

Hi Madcap,

I had a look at it today. DCM seems to be used in first instance to sign
and validate objects which are transfered from one iSeries to another or
to secure that objects have not been modified on iSeries. Also it is
used to build up secure ssl connections.
I found no example on how to sign an object in ifs with system-api's and
validate the object later with another program on pc-side (a java
program for example). Also I don't found out if I can use DCM with java
to sign an object in ifs on iSeries. Perhaps it would be easier only to
use java without DCM to sign and verify files.
But I will have a closer look to this tomorrow ...

cu
Martin

Madcap schrieb:

[Martin Stoeberl]

A pc-based solution would be the last thing we try. But thanks for the
link, I will have a look at it!

cu
Martin

René H. Hartman schrieb:

[René H. Hartman]

Hi Martin,

I had a look at Madcap's mail and a serious read of the info behind the
second URL. I had the impressing DCM was only for SSL and VPN, but it
can do more than that. In fact, it seems to me that DCM will do the job.
Since you're using a private key to sign the object and the receiver
will use a public key to verify it's authenticity, I wouldn't think the
verification process would be different from any other PKI based setup,
regardless of platform. Unfortunately, I have no experience with the
verification of signed objects, but if you can verify a PDF on a PC
using a public key, I'd think it's not important on what platform the
PDF was created and/or signed.

Regards,
René

--

"Martin Stoeberl" <martins...@gmx.de> schreef in bericht

news:d1pkj9$asd$01$1...@news.t-online.com...

[Martin Stoeberl]

Hi René,

I came to the same conclusion. It should be possible to use the
certificate stored in DCM through the native jsse provider. I didn't try
it out until now because I have to look first if signing objects in this
way would satisfy the german digital signature law.

cu
Martin

René H. Hartman schrieb:

[Madcap]

SSL enabling FTP is what I used it for. I couldn't say one way or
another if its possible to sign objects without using the DCM
interface. Here's another book with API info:

AS/400 Internet Security: Developing a Digital Certificate
Infrastructure

http://www.redbooks.ibm.com/abstracts/sg245659.html

-Kerry

[mobilep...@gmail.com]

Hey Martin,

Did you got any custom solution for this? Appreciate your reply.

Regards,
M

[Mike]

I wrote a custom program using ProfoundUI that does just this. It's not ideal, but it is native on the system i and written in RPG.