ODF Signature Service
fcorneli
I've extended the eID Applet Beta Site with an ODF Signature Service
test. Via this service you can digitally sign ODF documents. It also
supports multiple signatures created by different parties. Check out
the service at:
https://www.e-contract.be/eid-applet-beta/
Unfortunately OpenOffice.org itself does not show the created
signatures as being valid because of a long-standing bug in the
OpenOffice.org code. See also:
http://qa.openoffice.org/issues/show_bug.cgi?id=66276
Feedback is more than welcome.
Kind Regards,
Frank.
Frank Cornelis
> -Can I use your applet to send information to a CGI (PHP or another,
> but not Java) and still have all information secured?
>
The eID Applet requires a server-side eID Applet Service component to
operate. Right now we already have eID Applet Service implementations
for Java, PHP and ASP.NET. The PHP eID Applet Service component is not
yet bundled in the eID Applet SDK but already can be found in subversion at:
http://code.google.com/p/eid-applet/source/browse/#svn/trunk/eid-applet-php
> -I have seen your examples at the eid Applet Beta Site, but I haven't
> found some basic example to use with HTML and PHP. Basically, how will
> I receive all the fields? A post I suppose, but how are they encoded?
> What's their names? Any clue?
>
The eid-applet-php artifact contains sample PHP pages for both eID
identification and eID authentication using the new eID Applet. The eID
Applet protocol is described in the eID Applet developer's guide.
> -Last but not least, how do you ensure there is no forgery between
> your applet client side and all the information sent to the server? I
> mean, how can I be sure someone has not just copied all the data and
> is using a fake POST to send them all back? Is there something like a
> session key (or something else but unique at a time) I could give out
> to the applet that I will get back afterwards with a signature or
> something else?
>
As FedICT eID architect and designer/developer of the new eID Applet I
can assure you that the eID Applet offers a high level of security for
operating the eID card. See also:
http://code.google.com/p/eid-applet/wiki/GetTheFacts
http://groups.google.com/group/eid-applet/browse_thread/thread/bf8a409b1a25f4ac
http://groups.google.com/group/eid-applet/browse_thread/thread/38b40ddd084e8c87
Besides that, you can always check out the source code of the eID Applet
yourself to see if it has been constructed in a secure way.
> -I've read your applet does not work if we are not using HTTPS. Fine,
> but assuming I do not have an HTTPS local website, isn't there a way
> of getting rid of this for testing environment only? Or am I just
> wrong and it will work with HTTP in my local environment?
>
No. You always need an SSL connection between eID Applet and eID Applet
Service. You're using the lighttpd HTTP server. So SSL should be
possible for you.
> Thank you for your help!
>
No problem. If you have more questions, feel free to ask. Please keep in
mind that posting via the eID Applet mailing list is preferred so other
people can also read the archived answers afterward.
Kind Regards,
Frank.