>The signature should be on the document itself. Detached signatures are >possible but an administrative hassle
So, if signed properly, I see some sort of hash in the document like I did in the Med Objects demo? >> How do you also sign the attachment document with the HeSA >dongle if you're >> not using Medical Objects? > >You don't - if you know what's good for you. >The HeSA dongle is a third party generated key. If you sign with it, it is >comparable of letting a company produce a rubber stamp of your >signature, and >then accepting the rubber stamps as legal signature assuming nobody else >could have the stamp Horst I fully understand your philosophy, having subscribed to this list and its predecessors for the last 7 years. I happen to agree and can't fathom why it should take HeSA so long to develop a self-generating key app into the whole process; I'm a simple-simon but I can download numerous software that allows me to generate my own X.509 certificate and extract my public keys to send anywhere I want, including with 50 tonnes of paperwork to say who I am sending the public key for authentication by the Certification Authority. I guess the longer they drag this out, the longer they get to keep their jobs. Anyway, don't need to get into the philosophical issue; I just wanted to know technically how you would sign, say an OOo rtf file with an X.509 key, not necessarily HeSA's. I understand that the way HeSA do it with the Rainbow software makes it very hard. Thanks, Jan _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
