Apple, AOCE, and key pair security

[Peter Wayner]

Last night, I installed my version of System 7 Pro-- the new
version of the Apple Macintosh Operating System with built in
Digital Signature capabilities. Here's the details:

1) The package contains two extra pieces of paper. One is a 
voucher that is good for one free certificate. The second
is an address and instructions for just what to do. 

2) The installation process is very simple. You click on
some icon to get the software running and then you:
 
  i) Fill in a form with your name and address.
  ii) Choose a country from a very long list.
  iii) Add in an identifying phrase. The manual says
   that you should "Type a word or phrase you can remember.
   You may have to provide this phrase if the Approval
   Authority needs to verify your identity." This may
   be used if you forget or lose something. I'm not sure.
   Perhaps it is a random number seed. Perhaps it is 
   transmitted to RSA for the same purposes as the
   "mother's maiden name" passphrase used by banks. 
   I don't know. 
  iv) Then you type in a password. This is the same
   password that you type in each time you want to 
   make a signature for a document. It seems to 
   encrypt your private key. Jim Bidzos says that
   the software is careful enough to do this work
   only in memory where it is relatively safe. 
  v) You choose a location for your signing icon. 
   At first this will be "unapproved" and it won't
   work. Eventually, when you get a disk back from 
   RSA, you'll be able to sign a document just by
   dragging it on to the signing icon. Then a dialog
   box will open up asking you for password. 
  vi) A "processing" box appears and says that it will
   need to compute for the next 1 to 10 minutes. It 
   doesn't say that it is looking for a prime, but that
   is entirely possible. Paranoids will hate this opacity.

3) Now, you get a nice print out of some random characters.
The text says that you can just send the paper if you've
a printer that is capable of 300 dpi resolution. Apparently,
they plan on using OCR to read this in. 

4) You take this paper to a Notary Public and present 3 forms
of identification. The form asks the Notary to write down
all of this and sign it. It also instructs the Notary that
this cannot be done in any other way than in person. No Agents,
Spouses etc.

5) You mail it off to a PO Box in Belmont CA and wait.

6) When it comes back, you probably get a disk that will
allow you to initialize everything. 

Some Random Observations:

*) The Certificates come with a built-in time limit. They're
only good for two years. The software comes with a renewal
mechanism so I think that people will be mailing checks in
a couple of years. 

*) I'm not sure how complicated this procedure is for large
corporate users. The book hints that you may get your signature
from a company representative. 

*) They included a sample signer so you can play with the
technology out of the box. I signed a few things and got
the software to break by trying to sign the "DigiSign Utility." 
I.e. itself. 

*) The signature verification process is very well integrated.
You simply open up the little info box that is available for
each icon. There will be a extra button with a pen. Push it
and the name and address of the signatory pops up.

*) The signature is saved as a resource in the resource fork.
The address is in the clear including several addresses for
RSA. I tried fudging with them for grins and the signature
broke. The software reported that it was tampered with. Good
show.

*) It took about 30 seconds to sign a 200k document on a IIci.

Final impressions:

Software Ease of Use: A+
Paranoia Avoidance: F (no source code or instructions on how 
  to generate your own signature)
RSA Cash Infusion: A (more checks in 2 years)
Boost to Public Crypto Usage in short term: A+
Boost to Public Crypto Usage Two Years from now when the Certificates
Run Out: INC (Who can remember to re-authorize these things?)