School me on digital signatures

[Weetabix]

I need to be able to put digital signatures on documents. In Florida, I'm directed to use the Secure Hash Standard (pdf link on this page).

It sounds as if I need a log file and a print of a report for each document sealed electronically. Then I have to manually sign and date each report for each document. Where are the ostensible efficiencies of our modern electronic lifestyle? Where's my jet car?

Can someone offer suggestions on how to set this up easily? My company has a contract IT company who can help.

Thanks!

[Yogimus]

Just write ///signed/// on the signature line. You would be amazed how many idiots accept it.

[Greg]

I need to be able to put digital signatures on documents. In Florida, I'm directed to use the Secure Hash Standard (pdf link on this page).

It sounds as if I need a log file and a print of a report for each document sealed electronically. Then I have to manually sign and date each report for each document. Where are the ostensible efficiencies of our modern electronic lifestyle? Where's my jet car?

Can someone offer suggestions on how to set this up easily? My company has a contract IT company who can help.

Thanks!

You don't need help. Read the documents. Have you done any background reading on digital signing, public key encryption, PKI and the like? Look up those terms.

For this to work smoothly and seamlessly without paper requires a surprising amount of technical infrastructure to be in place, which Florida apparently does not have and does not care to have. So they're cheating and leveraging the old fashioned tried-and-true hard copy methods as far as they will go.

After you digitally sign submitted documents, the "signature file" you have to submit is more or less the equivalent of a physical signature card, it puts your signature on file to be matched against the signed documents. And the "report" that gets filed to certify the signature file is a form to, guess what, certify that your signature card is valid (just like the paper days). It's a trifle awkward, it's a mis-mash of hard copy and digital methods, but it makes perfect sense.

The benefit for you is that there is surprisingly little for you to set up. You just need a signing certificate (and these procedures seem to indicate you don't have to go to the trouble of buying one from a "trusted" authority) and some free software (something like GPG should be enough for this, I think). The rest is just following instructions.

Quickie links: (you can probably find better with a little googling)

http://www.verisign.com.au/repository/t ... tro1.shtml
http://en.wikipedia.org/wiki/Public-key_infrastructure