1. PotsPan Project Workpackage 3
Institutional Document Management Pilot Exercise 1
1. Summary
As outlined in the planning document for this Workpackage, the key activities were to include:
Identifying a free Certification Authority service, registering as a user and completing all the
security procedures for the creation of authenticated certificates;
Installing the certificates on a PC and browser to be used to create and sign the documents;
Creating test documents using Open Office Writer and using the Digital Signatures function
to add certificated electronic signatures;
Sending the documents electronically and testing the received documents for validity
against the security criteria applied.
Pilot exercise 1 completed all of these activities and the outcomes and lessons learned are reported
here. Further exercises and evaluations will be carried out, and the final activity of testing the
systems for validating the authentication of online assessment submissions through Moodle will
conclude the Workpackage.
Open Office Writer1 was used as the document authoring software, CAcert2 provided the free
Certification Authority service used and the documents were created on a PC running Microsoft
Windows 7 and IE9. The outcomes of the exercise will be described in the order listed above.
2. The Certification Authority service and the creation of authenticated certificates
Secure and trusted electronic signature systems typically involve the use of third party Certification
Authority providers who ensure the validity of the digital certificates they issue for confirming
author identity, ensuring document integrity and providing encryption keys for secure document
distribution. Such digital certificates are installed in the document owner’s computer and web
browser, and are used by programs like Open Office Writer to apply validated electronic signatures.
The CA organisation selected for trialling in Pilot Exercise 1 was CAcert3 who provide a free to use
digital certificate service. The sequence that led to the issuing of authenticated certificates was:
Registration as a user and create an account on the CAcert website. This involves entering a
user name and password, along with other unique security data;
When registered and logged in, the process is to select ‘new client certificate’ and then
‘create certificate’;
A security strength level is selected for the encryption key at this stage. For the exercise,
‘Microsoft enhanced cryptographic provider v1.0’ was chosen;
When the certificate is created it opens in a new window with an invitation and link to import into
the browser. An email is also sent confirming the creation of the certificate, providing a link to it in
the user account, and also a reminder that the CAcert root certificate also needs to be imported
before certificates can be used. A link to this process is also provided.
Active X needs to be enabled for the installation of both the root certificate and the newly created
digital certificate.
1
http://www.openoffice.org/product/writer.html
2
https://www.cacert.org/
3
https://wiki.cacert.org/FAQ/AboutUs

2. 3. Installing the certificates on the PC and browser
The installation process begins with the Root Certificate and this is accessed on the CAcert Root
Certificate website4. There are links on the page to initiate the Root Certificate download. Once this
has been done, the download is imported in the Internet Options>Content>Personal>Certificates> of
the browser using the ‘Trusted Root Certification Authorities’ tab. The digital certificate can then be
imported by clicking on the link in the certificate page on the CAcert website5. The certificate is now
ready for use.
4. Creating documents and adding electronic signatures
With the digital certificate imported, it can be used to add electronic signatures to Open Office
documents. For the purpose of Pilot Exercise 1 a test document was created in Open Office Writer
and the electronic signature process tested.
Once the document had been created the File>Digital Signatures option was selected and the newly
imported digital certificate option appeared in a new window and was activated by clicking on the
Sign Document button:
Once signed and saved, whenever the file is opened it will have the small icon next to the ‘The
signatures in this document are valid’ line in the image above showing in the document toolbar
confirming that it is a valid signed document.
When the document is opened and the icon is double clicked, the documentation verification will be
confirmed and the security information can be viewed:
4
http://www.cacert.org/index.php?id=3
5
https://www.cacert.org/account.php?id=6&cert=409041

3. If, at any time, the signed document is edited or changed in any way, the electronic signature will be
invalidated and the icon in the document toolbar will disappear. The edited document can, of
course, be re-signed by an authorised signatory.
5. Sending the signed documents electronically and testing the received documents for validity
The test document above was sent by email as an attachment and when opened in Open Office
Writer, it included the digital signature that confirmed validity and that the document had not been
altered since the signature had been applied.
When opened, the document was in read-only format which further avoids the possibility of
invalidating the signature. The attached file was saved locally and, when opened as a local file, still
retained the digital signature verification. However, it was now in edit mode and, if editing did take
place, then the digital signature was invalidated.
6. Conclusions
This first exercise has demonstrated that the basic objectives of the electronic signature verification
of document validity could be achieved using open source tools and freely available services. The
PotsPan project will continue to explore the extent of the security provided and the alternative tools
and services available. It will then move on to the final objective of testing the system in the context
of online assessment submission through Moodle.
Tony Toole
November 2012