Last night, I installed my version of System 7 Pro-- the new version of the Apple Macintosh Operating System with built in Digital Signature capabilities. Here's the details: 1) The package contains two extra pieces of paper. One is a voucher that is good for one free certificate. The second is an address and instructions for just what to do. 2) The installation process is very simple. You click on some icon to get the software running and then you: i) Fill in a form with your name and address. ii) Choose a country from a very long list. iii) Add in an identifying phrase. The manual says that you should "Type a word or phrase you can remember. You may have to provide this phrase if the Approval Authority needs to verify your identity." This may be used if you forget or lose something. I'm not sure. Perhaps it is a random number seed. Perhaps it is transmitted to RSA for the same purposes as the "mother's maiden name" passphrase used by banks. I don't know. iv) Then you type in a password. This is the same password that you type in each time you want to make a signature for a document. It seems to encrypt your private key. Jim Bidzos says that the software is careful enough to do this work only in memory where it is relatively safe. v) You choose a location for your signing icon. At first this will be "unapproved" and it won't work. Eventually, when you get a disk back from RSA, you'll be able to sign a document just by dragging it on to the signing icon. Then a dialog box will open up asking you for password. vi) A "processing" box appears and says that it will need to compute for the next 1 to 10 minutes. It doesn't say that it is looking for a prime, but that is entirely possible. Paranoids will hate this opacity. 3) Now, you get a nice print out of some random characters. The text says that you can just send the paper if you've a printer that is capable of 300 dpi resolution. Apparently, they plan on using OCR to read this in. 4) You take this paper to a Notary Public and present 3 forms of identification. The form asks the Notary to write down all of this and sign it. It also instructs the Notary that this cannot be done in any other way than in person. No Agents, Spouses etc. 5) You mail it off to a PO Box in Belmont CA and wait. 6) When it comes back, you probably get a disk that will allow you to initialize everything. Some Random Observations: *) The Certificates come with a built-in time limit. They're only good for two years. The software comes with a renewal mechanism so I think that people will be mailing checks in a couple of years. *) I'm not sure how complicated this procedure is for large corporate users. The book hints that you may get your signature from a company representative. *) They included a sample signer so you can play with the technology out of the box. I signed a few things and got the software to break by trying to sign the "DigiSign Utility." I.e. itself. *) The signature verification process is very well integrated. You simply open up the little info box that is available for each icon. There will be a extra button with a pen. Push it and the name and address of the signatory pops up. *) The signature is saved as a resource in the resource fork. The address is in the clear including several addresses for RSA. I tried fudging with them for grins and the signature broke. The software reported that it was tampered with. Good show. *) It took about 30 seconds to sign a 200k document on a IIci. Final impressions: Software Ease of Use: A+ Paranoia Avoidance: F (no source code or instructions on how to generate your own signature) RSA Cash Infusion: A (more checks in 2 years) Boost to Public Crypto Usage in short term: A+ Boost to Public Crypto Usage Two Years from now when the Certificates Run Out: INC (Who can remember to re-authorize these things?)