Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature
Hello, Thanks for your thoughtful reply! I agree the best option is to use a propoer digital signature. When properly done, it might be even more secure than a handwritten signature? Interesting point about the Creative Commons license, do you have examples of how it's used in a real-world case? Thanks! On 11/09/2015, Tom Davieswrote: > Hi :) > I think Steve is referring to "electronic signatures" rather than something > resembling and pen type scrawl. I've not looked into this as most > office workers i've ever known would be completely baffled by it and not > trust it despite it being much more secure and trustworthy. > > Another way that seems quite common these days is to print-out the > document, sign it with pen properly and then scan the document back > into the computer. However there are numerous security and other problems > with this approach too! > > Something i might consider, because it's highly user-friendly, is to treat > the document as a piece of "electronic art" and use a Creative Commons > License generated for that one specific document. It is easily possible to > create a Creative Commons License to cover all the various documents you > might want to "sign", just as a signal signatures can be added to multiple > different documents, but that gets back to the same security issue of just > about anyone being able to copy it onto anything they like. > > http://creativecommons.org/choose/ > > The Creative Commons route is not ideal as it's not what their licenses > were designed for but it might work. Probably have to upload the document > somewhere in order to have a "Source URL"/weblink for the document. The > drop-down at the bottom can be changed to an "off-line" mark to paste into > the document. > > > Part of the problem is that people want to do a visual quick comparison > between your signature on this and then compare that to another copy of > your signature that they do have complete trust in having been done by you > - just as passwords need to be compared against whatever you registered > your password as for that purpose. The problem is that such things can be > accessed and maybe even decrypted given enough time and processing power. > Retinal scans and finger-prints are just jpegs (or pngs or whatever other > image format) so in a few years time i'm sure we will all be "shocked" to > discover that they are no more secure than current systems. At the moment > they are just new and therefore criminals might need a bit of time to > catch-up but there is a good chance that many are already ahead of the game > anyway. > > > I think the best option is to create a proper digital signature and have > that alongside (or elsewhere near) the copy of the pen signature. > > Good luck! > Regards from > Tom :) > > > On 11 September 2015 at 09:10, avamk wrote: > >> Good idea, I should really start using different signatures for >> different things. I'll probably need a "signature" manager just like a >> password manager to help me keep track of all those signatures! >> >> On 11/09/2015, steveedmonds [via Document Foundation Mail Archive] >> wrote: >> > >> > In some respects your signature was safer on a piece of paper in the >> > filing cabinet. >> > I have a different signature I use on electronic documents, not the >> > same >> > as the one at the bank or the lawyer. >> > It's still me signing it (statement of CE conformity, drawings, etc.) >> > but no one can get my money with it. >> > steve >> > >> > On 11/09/15 7:46 am, avamk wrote: >> >> That's true!! I guess it doesn't really matter how I try to secure the >> >> document if the receiver will see it on their screen, oh well. Thank >> >> you for the reminder! >> >> >> >> Encryption is helpful though to ensure that at least only my intended >> >> recipient will see the file. >> >> >> >> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive] >> >> wrote: >> >>> On 2015-09-11 03:06, avamk wrote: >> Hello, >> >> I think this is a rather outdated procedure, but I've come across >> cases >> where I am required to include a scanned image of my handwritten >> signature >> in a word processing document to "sign" it. Just to be clear, I am >> not >> talking about signing with a certificate, but rather an image of a >> handwritten signature inserted into the document. >> >> I am always scared of doing this, because what if an adversarial >> entity >> gets >> ahold of the document and starts using my signature for nefarious >> purposes??? So, is there a way to make this document (say, a .odt or >> .docx >> file) more secure that problem won't happen? Ideally I'd like to >> minimise >> complications/troubles when the receiver opens the file. >> >> Thank you! >> >>> Anyone who can view the document
[libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature
Good idea, I should really start using different signatures for different things. I'll probably need a "signature" manager just like a password manager to help me keep track of all those signatures! On 11/09/2015, steveedmonds [via Document Foundation Mail Archive]wrote: > > In some respects your signature was safer on a piece of paper in the > filing cabinet. > I have a different signature I use on electronic documents, not the same > as the one at the bank or the lawyer. > It's still me signing it (statement of CE conformity, drawings, etc.) > but no one can get my money with it. > steve > > On 11/09/15 7:46 am, avamk wrote: >> That's true!! I guess it doesn't really matter how I try to secure the >> document if the receiver will see it on their screen, oh well. Thank >> you for the reminder! >> >> Encryption is helpful though to ensure that at least only my intended >> recipient will see the file. >> >> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive] >> wrote: >>> On 2015-09-11 03:06, avamk wrote: Hello, I think this is a rather outdated procedure, but I've come across cases where I am required to include a scanned image of my handwritten signature in a word processing document to "sign" it. Just to be clear, I am not talking about signing with a certificate, but rather an image of a handwritten signature inserted into the document. I am always scared of doing this, because what if an adversarial entity gets ahold of the document and starts using my signature for nefarious purposes??? So, is there a way to make this document (say, a .odt or .docx file) more secure that problem won't happen? Ideally I'd like to minimise complications/troubles when the receiver opens the file. Thank you! >>> Anyone who can view the document can take a screen snap (clip) of your >>> signature image and use it as they like. The security issue is more >>> likely uncontrollable at the receivers end. >>> Are you suggesting something like a pass phrase required to open and >>> view a document, you can do this by just encrypting the file and >>> emailing with something like Enigmail. >>> Steve >> >> >> >> -- >> View this message in context: >> http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html >> Sent from the Users mailing list archive at Nabble.com. > > > -- > To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be > deleted > > > > > > ___ > If you reply to this email, your message will be added to the discussion > below: > http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4160008.html > > To unsubscribe from Strategies for securing a document with an embedded > picture of signature, visit > http://nabble.documentfoundation.org/template/NamlServlet.jtp?macro=unsubscribe_by_code=4159938=YXZrYXBsbWt0QGdtYWlsLmNvbXw0MTU5OTM4fC02MzM5MDA3MDg= -- View this message in context: http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4160012.html Sent from the Users mailing list archive at Nabble.com. -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature
In some respects your signature was safer on a piece of paper in the filing cabinet. I have a different signature I use on electronic documents, not the same as the one at the bank or the lawyer. It's still me signing it (statement of CE conformity, drawings, etc.) but no one can get my money with it. steve On 11/09/15 7:46 am, avamk wrote: That's true!! I guess it doesn't really matter how I try to secure the document if the receiver will see it on their screen, oh well. Thank you for the reminder! Encryption is helpful though to ensure that at least only my intended recipient will see the file. On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]wrote: On 2015-09-11 03:06, avamk wrote: Hello, I think this is a rather outdated procedure, but I've come across cases where I am required to include a scanned image of my handwritten signature in a word processing document to "sign" it. Just to be clear, I am not talking about signing with a certificate, but rather an image of a handwritten signature inserted into the document. I am always scared of doing this, because what if an adversarial entity gets ahold of the document and starts using my signature for nefarious purposes??? So, is there a way to make this document (say, a .odt or .docx file) more secure that problem won't happen? Ideally I'd like to minimise complications/troubles when the receiver opens the file. Thank you! Anyone who can view the document can take a screen snap (clip) of your signature image and use it as they like. The security issue is more likely uncontrollable at the receivers end. Are you suggesting something like a pass phrase required to open and view a document, you can do this by just encrypting the file and emailing with something like Enigmail. Steve -- View this message in context: http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html Sent from the Users mailing list archive at Nabble.com. -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature
Hi :) I think Steve is referring to "electronic signatures" rather than something resembling and pen type scrawl. I've not looked into this as most office workers i've ever known would be completely baffled by it and not trust it despite it being much more secure and trustworthy. Another way that seems quite common these days is to print-out the document, sign it with pen properly and then scan the document back into the computer. However there are numerous security and other problems with this approach too! Something i might consider, because it's highly user-friendly, is to treat the document as a piece of "electronic art" and use a Creative Commons License generated for that one specific document. It is easily possible to create a Creative Commons License to cover all the various documents you might want to "sign", just as a signal signatures can be added to multiple different documents, but that gets back to the same security issue of just about anyone being able to copy it onto anything they like. http://creativecommons.org/choose/ The Creative Commons route is not ideal as it's not what their licenses were designed for but it might work. Probably have to upload the document somewhere in order to have a "Source URL"/weblink for the document. The drop-down at the bottom can be changed to an "off-line" mark to paste into the document. Part of the problem is that people want to do a visual quick comparison between your signature on this and then compare that to another copy of your signature that they do have complete trust in having been done by you - just as passwords need to be compared against whatever you registered your password as for that purpose. The problem is that such things can be accessed and maybe even decrypted given enough time and processing power. Retinal scans and finger-prints are just jpegs (or pngs or whatever other image format) so in a few years time i'm sure we will all be "shocked" to discover that they are no more secure than current systems. At the moment they are just new and therefore criminals might need a bit of time to catch-up but there is a good chance that many are already ahead of the game anyway. I think the best option is to create a proper digital signature and have that alongside (or elsewhere near) the copy of the pen signature. Good luck! Regards from Tom :) On 11 September 2015 at 09:10, avamkwrote: > Good idea, I should really start using different signatures for > different things. I'll probably need a "signature" manager just like a > password manager to help me keep track of all those signatures! > > On 11/09/2015, steveedmonds [via Document Foundation Mail Archive] > wrote: > > > > In some respects your signature was safer on a piece of paper in the > > filing cabinet. > > I have a different signature I use on electronic documents, not the same > > as the one at the bank or the lawyer. > > It's still me signing it (statement of CE conformity, drawings, etc.) > > but no one can get my money with it. > > steve > > > > On 11/09/15 7:46 am, avamk wrote: > >> That's true!! I guess it doesn't really matter how I try to secure the > >> document if the receiver will see it on their screen, oh well. Thank > >> you for the reminder! > >> > >> Encryption is helpful though to ensure that at least only my intended > >> recipient will see the file. > >> > >> On 10/09/2015, steveedmonds [via Document Foundation Mail Archive] > >> wrote: > >>> On 2015-09-11 03:06, avamk wrote: > Hello, > > I think this is a rather outdated procedure, but I've come across > cases > where I am required to include a scanned image of my handwritten > signature > in a word processing document to "sign" it. Just to be clear, I am not > talking about signing with a certificate, but rather an image of a > handwritten signature inserted into the document. > > I am always scared of doing this, because what if an adversarial > entity > gets > ahold of the document and starts using my signature for nefarious > purposes??? So, is there a way to make this document (say, a .odt or > .docx > file) more secure that problem won't happen? Ideally I'd like to > minimise > complications/troubles when the receiver opens the file. > > Thank you! > >>> Anyone who can view the document can take a screen snap (clip) of your > >>> signature image and use it as they like. The security issue is more > >>> likely uncontrollable at the receivers end. > >>> Are you suggesting something like a pass phrase required to open and > >>> view a document, you can do this by just encrypting the file and > >>> emailing with something like Enigmail. > >>> Steve > >> > >> > >> > >> -- > >> View this message in context: > >> >
[libreoffice-users] Re: Strategies for securing a document with an embedded picture of signature
That's true!! I guess it doesn't really matter how I try to secure the document if the receiver will see it on their screen, oh well. Thank you for the reminder! Encryption is helpful though to ensure that at least only my intended recipient will see the file. On 10/09/2015, steveedmonds [via Document Foundation Mail Archive]wrote: > On 2015-09-11 03:06, avamk wrote: >> Hello, >> >> I think this is a rather outdated procedure, but I've come across cases >> where I am required to include a scanned image of my handwritten >> signature >> in a word processing document to "sign" it. Just to be clear, I am not >> talking about signing with a certificate, but rather an image of a >> handwritten signature inserted into the document. >> >> I am always scared of doing this, because what if an adversarial entity >> gets >> ahold of the document and starts using my signature for nefarious >> purposes??? So, is there a way to make this document (say, a .odt or >> .docx >> file) more secure that problem won't happen? Ideally I'd like to minimise >> complications/troubles when the receiver opens the file. >> >> Thank you! > Anyone who can view the document can take a screen snap (clip) of your > signature image and use it as they like. The security issue is more > likely uncontrollable at the receivers end. > Are you suggesting something like a pass phrase required to open and > view a document, you can do this by just encrypting the file and > emailing with something like Enigmail. > Steve -- View this message in context: http://nabble.documentfoundation.org/Strategies-for-securing-a-document-with-an-embedded-picture-of-signature-tp4159938p4159970.html Sent from the Users mailing list archive at Nabble.com. -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted