Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature

[Advrk Aplmrkt]

Hello,

Thanks for your thoughtful reply!

I agree the best option is to use a propoer digital signature. When
properly done, it might be even more secure than a handwritten
signature?

Interesting point about the Creative Commons license, do you have
examples of how it's used in a real-world case?

Thanks!

On 11/09/2015, Tom Davies  wrote:
> Hi :)
> I think Steve is referring to "electronic signatures" rather than something
> resembling and pen type scrawl.  I've not looked into this as most
> office workers i've ever known would be completely baffled by it and not
> trust it despite it being much more secure and trustworthy.
>
> Another way that seems quite common these days is to print-out the
> document, sign it with pen properly and then scan the document back
> into the computer.  However there are numerous security and other problems
> with this approach too!
>
> Something i might consider, because it's highly user-friendly, is to treat
> the document as a piece of "electronic art" and use a Creative Commons
> License generated for that one specific document.  It is easily possible to
> create a Creative Commons License to cover all the various documents you
> might want to "sign", just as a signal signatures can be added to multiple
> different documents, but that gets back to the same security issue of just
> about anyone being able to copy it onto anything they like.
>
> http://creativecommons.org/choose/
>
> The Creative Commons route is not ideal as it's not what their licenses
> were designed for but it might work.  Probably have to upload the document
> somewhere in order to have a "Source URL"/weblink for the document.  The
> drop-down at the bottom can be changed to an "off-line" mark to paste into
> the document.
>
>
> Part of the problem is that people want to do a visual quick comparison
> between your signature on this and then compare that to another copy of
> your signature that they do have complete trust in having been done by you
> - just as passwords need to be compared against whatever you registered
> your password as for that purpose.  The problem is that such things can be
> accessed and maybe even decrypted given enough time and processing power.
> Retinal scans and finger-prints are just jpegs (or pngs or whatever other
> image format) so in a few years time i'm sure we will all be "shocked" to
> discover that they are no more secure than current systems.  At the moment
> they are just new and therefore criminals might need a bit of time to
> catch-up but there is a good chance that many are already ahead of the game
> anyway.
>
>
> I think the best option is to create a proper digital signature and have
> that alongside (or elsewhere near) the copy of the pen signature.
>
> Good luck!
> Regards from
> Tom :)
>
>
> On 11 September 2015 at 09:10, avamk  wrote:
>
>> Good idea, I should really start using different signatures for
>> different things. I'll probably need a "signature" manager just like a
>> password manager to help me keep track of all those signatures!
>>
>> On 11/09/2015, steveedmonds [via Document Foundation Mail Archive]
>>  wrote:
>> >
>> > In some respects your signature was safer on a piece of paper in the
>> > filing cabinet.
>> > I have a different signature I use on electronic documents, not the
>> > same
>> > as the one at the bank or the lawyer.
>> > It's still me signing it (statement of CE conformity, drawings, etc.)
>> > but no one can get my money with it.
>> > steve
>> >
>> > On 11/09/15 7:46 am, avamk wrote:
>> >> That's true!! I guess it doesn't really matter how I try to secure the
>> >> document if the receiver will see it on their screen, oh well. Thank
>> >> you for the reminder!
>> >>
>> >> Encryption is helpful though to ensure that at least only my intended
>> >> recipient will see the file.
>> >>
>> >> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]
>> >>  wrote:
>> >>> On 2015-09-11 03:06, avamk wrote:
>>  Hello,
>> 
>>  I think this is a rather outdated procedure, but I've come across
>> cases
>>  where I am required to include a scanned image of my handwritten
>>  signature
>>  in a word processing document to "sign" it. Just to be clear, I am
>>  not
>>  talking about signing with a certificate, but rather an image of a
>>  handwritten signature inserted into the document.
>> 
>>  I am always scared of doing this, because what if an adversarial
>> entity
>>  gets
>>  ahold of the document and starts using my signature for nefarious
>>  purposes??? So, is there a way to make this document (say, a .odt or
>>  .docx
>>  file) more secure that problem won't happen? Ideally I'd like to
>>  minimise
>>  complications/troubles when the receiver opens the file.
>> 
>>  Thank you!
>> >>> Anyone who can view the document 

[libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature

[avamk]

Good idea, I should really start using different signatures for
different things. I'll probably need a "signature" manager just like a
password manager to help me keep track of all those signatures!

On 11/09/2015, steveedmonds [via Document Foundation Mail Archive]
 wrote:
>
> In some respects your signature was safer on a piece of paper in the
> filing cabinet.
> I have a different signature I use on electronic documents, not the same
> as the one at the bank or the lawyer.
> It's still me signing it (statement of CE conformity, drawings, etc.)
> but no one can get my money with it.
> steve
>
> On 11/09/15 7:46 am, avamk wrote:
>> That's true!! I guess it doesn't really matter how I try to secure the
>> document if the receiver will see it on their screen, oh well. Thank
>> you for the reminder!
>>
>> Encryption is helpful though to ensure that at least only my intended
>> recipient will see the file.
>>
>> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]
>>  wrote:
>>> On 2015-09-11 03:06, avamk wrote:
 Hello,

 I think this is a rather outdated procedure, but I've come across cases
 where I am required to include a scanned image of my handwritten
 signature
 in a word processing document to "sign" it. Just to be clear, I am not
 talking about signing with a certificate, but rather an image of a
 handwritten signature inserted into the document.

 I am always scared of doing this, because what if an adversarial entity
 gets
 ahold of the document and starts using my signature for nefarious
 purposes??? So, is there a way to make this document (say, a .odt or
 .docx
 file) more secure that problem won't happen? Ideally I'd like to
 minimise
 complications/troubles when the receiver opens the file.

 Thank you!
>>> Anyone who can view the document can take a screen snap (clip) of your
>>> signature image and use it as they like. The security issue is more
>>> likely uncontrollable at the receivers end.
>>> Are you suggesting something like a pass phrase required to open and
>>> view a document, you can do this by just encrypting the file and
>>> emailing with something like Enigmail.
>>> Steve
>>
>>
>>
>> --
>> View this message in context:
>> http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html
>> Sent from the Users mailing list archive at Nabble.com.
>
>
> --
> To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.libreoffice.org/global/users/
> All messages sent to this list will be publicly archived and cannot be
> deleted
>
>
>
>
>
> ___
> If you reply to this email, your message will be added to the discussion
> below:
> http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4160008.html
>
> To unsubscribe from Strategies for securing a document with an embedded
> picture of signature, visit
> http://nabble.documentfoundation.org/template/NamlServlet.jtp?macro=unsubscribe_by_code=4159938=YXZrYXBsbWt0QGdtYWlsLmNvbXw0MTU5OTM4fC02MzM5MDA3MDg=




--
View this message in context: 
http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4160012.html
Sent from the Users mailing list archive at Nabble.com.
-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature

[Steve Edmonds]

In some respects your signature was safer on a piece of paper in the 
filing cabinet.
I have a different signature I use on electronic documents, not the same 
as the one at the bank or the lawyer.
It's still me signing it (statement of CE conformity, drawings, etc.) 
but no one can get my money with it.

steve

On 11/09/15 7:46 am, avamk wrote:

That's true!! I guess it doesn't really matter how I try to secure the
document if the receiver will see it on their screen, oh well. Thank
you for the reminder!

Encryption is helpful though to ensure that at least only my intended
recipient will see the file.

On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]
 wrote:

On 2015-09-11 03:06, avamk wrote:

Hello,

I think this is a rather outdated procedure, but I've come across cases
where I am required to include a scanned image of my handwritten
signature
in a word processing document to "sign" it. Just to be clear, I am not
talking about signing with a certificate, but rather an image of a
handwritten signature inserted into the document.

I am always scared of doing this, because what if an adversarial entity
gets
ahold of the document and starts using my signature for nefarious
purposes??? So, is there a way to make this document (say, a .odt or
.docx
file) more secure that problem won't happen? Ideally I'd like to minimise
complications/troubles when the receiver opens the file.

Thank you!

Anyone who can view the document can take a screen snap (clip) of your
signature image and use it as they like. The security issue is more
likely uncontrollable at the receivers end.
Are you suggesting something like a pass phrase required to open and
view a document, you can do this by just encrypting the file and
emailing with something like Enigmail.
Steve




--
View this message in context: 
http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html
Sent from the Users mailing list archive at Nabble.com.



--
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature

[Tom Davies]

Hi :)
I think Steve is referring to "electronic signatures" rather than something
resembling and pen type scrawl.  I've not looked into this as most
office workers i've ever known would be completely baffled by it and not
trust it despite it being much more secure and trustworthy.

Another way that seems quite common these days is to print-out the
document, sign it with pen properly and then scan the document back
into the computer.  However there are numerous security and other problems
with this approach too!

Something i might consider, because it's highly user-friendly, is to treat
the document as a piece of "electronic art" and use a Creative Commons
License generated for that one specific document.  It is easily possible to
create a Creative Commons License to cover all the various documents you
might want to "sign", just as a signal signatures can be added to multiple
different documents, but that gets back to the same security issue of just
about anyone being able to copy it onto anything they like.

http://creativecommons.org/choose/

The Creative Commons route is not ideal as it's not what their licenses
were designed for but it might work.  Probably have to upload the document
somewhere in order to have a "Source URL"/weblink for the document.  The
drop-down at the bottom can be changed to an "off-line" mark to paste into
the document.


Part of the problem is that people want to do a visual quick comparison
between your signature on this and then compare that to another copy of
your signature that they do have complete trust in having been done by you
- just as passwords need to be compared against whatever you registered
your password as for that purpose.  The problem is that such things can be
accessed and maybe even decrypted given enough time and processing power.
Retinal scans and finger-prints are just jpegs (or pngs or whatever other
image format) so in a few years time i'm sure we will all be "shocked" to
discover that they are no more secure than current systems.  At the moment
they are just new and therefore criminals might need a bit of time to
catch-up but there is a good chance that many are already ahead of the game
anyway.


I think the best option is to create a proper digital signature and have
that alongside (or elsewhere near) the copy of the pen signature.

Good luck!
Regards from
Tom :)


On 11 September 2015 at 09:10, avamk  wrote:

> Good idea, I should really start using different signatures for
> different things. I'll probably need a "signature" manager just like a
> password manager to help me keep track of all those signatures!
>
> On 11/09/2015, steveedmonds [via Document Foundation Mail Archive]
>  wrote:
> >
> > In some respects your signature was safer on a piece of paper in the
> > filing cabinet.
> > I have a different signature I use on electronic documents, not the same
> > as the one at the bank or the lawyer.
> > It's still me signing it (statement of CE conformity, drawings, etc.)
> > but no one can get my money with it.
> > steve
> >
> > On 11/09/15 7:46 am, avamk wrote:
> >> That's true!! I guess it doesn't really matter how I try to secure the
> >> document if the receiver will see it on their screen, oh well. Thank
> >> you for the reminder!
> >>
> >> Encryption is helpful though to ensure that at least only my intended
> >> recipient will see the file.
> >>
> >> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]
> >>  wrote:
> >>> On 2015-09-11 03:06, avamk wrote:
>  Hello,
> 
>  I think this is a rather outdated procedure, but I've come across
> cases
>  where I am required to include a scanned image of my handwritten
>  signature
>  in a word processing document to "sign" it. Just to be clear, I am not
>  talking about signing with a certificate, but rather an image of a
>  handwritten signature inserted into the document.
> 
>  I am always scared of doing this, because what if an adversarial
> entity
>  gets
>  ahold of the document and starts using my signature for nefarious
>  purposes??? So, is there a way to make this document (say, a .odt or
>  .docx
>  file) more secure that problem won't happen? Ideally I'd like to
>  minimise
>  complications/troubles when the receiver opens the file.
> 
>  Thank you!
> >>> Anyone who can view the document can take a screen snap (clip) of your
> >>> signature image and use it as they like. The security issue is more
> >>> likely uncontrollable at the receivers end.
> >>> Are you suggesting something like a pass phrase required to open and
> >>> view a document, you can do this by just encrypting the file and
> >>> emailing with something like Enigmail.
> >>> Steve
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >>
> 

[libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature

[avamk]

That's true!! I guess it doesn't really matter how I try to secure the
document if the receiver will see it on their screen, oh well. Thank
you for the reminder!

Encryption is helpful though to ensure that at least only my intended
recipient will see the file.

On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]
 wrote:
> On 2015-09-11 03:06, avamk wrote:
>> Hello,
>>
>> I think this is a rather outdated procedure, but I've come across cases
>> where I am required to include a scanned image of my handwritten
>> signature
>> in a word processing document to "sign" it. Just to be clear, I am not
>> talking about signing with a certificate, but rather an image of a
>> handwritten signature inserted into the document.
>>
>> I am always scared of doing this, because what if an adversarial entity
>> gets
>> ahold of the document and starts using my signature for nefarious
>> purposes??? So, is there a way to make this document (say, a .odt or
>> .docx
>> file) more secure that problem won't happen? Ideally I'd like to minimise
>> complications/troubles when the receiver opens the file.
>>
>> Thank you!
> Anyone who can view the document can take a screen snap (clip) of your
> signature image and use it as they like. The security issue is more
> likely uncontrollable at the receivers end.
> Are you suggesting something like a pass phrase required to open and
> view a document, you can do this by just encrypting the file and
> emailing with something like Enigmail.
> Steve




--
View this message in context: 
http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html
Sent from the Users mailing list archive at Nabble.com.
-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted