Desenvolupament de nous serveis de signatura electrònica sobre ISMe

Abstract

The electronic signature is the electronic equivalent of the handwritten signature. In other words, is an electronic system, with the same legal validity, which allows us to print our signature on a digital document. The electronic signature is based on asymmetric cryptography or public key cryptography. In this type of cryptography each user has a pair of mathematically-related keys: one public and one private. The public key is publicly distributed, but the private key is kept secret. The system asymmetry relies on the fact that if a message is encrypted with the public key can only be decrypted with the associated private key, and the other way round. Moreover, one key cannot be derived from the other without additional data. Simplifying a lot, the use of the private key to encrypt a message is a signature since only the owner of the private key can perform the encryption and everyone can decrypt or verify it with the owner's public key. In the last years, the Isigma company is trying to take profit of the great business opportunities that the digital signature offers. Isigma is devoted to build and distribute software related to digital signatures. It's in this company where I have worked and carried out final grade project, which is targeted to implement different improvements and evolutions on an existing Isigma application called ISMe (Identity and Signature Management Enterprise). The ISMe software originally only signed PDF documents and Isigma wanted it to offer more possibilities to the user in order to make it more attractive and effective. For that matter, two main objectives were initially proposed: the extension of ISMe to also allow XML signatures, and the creation of a subapplication that allows clients to directly sign from a company's server. This subapplication would also contain a certificate management system that may allow users to upload or erase their own certificates and private keys. To carry out this project, it has been necessary the study of many technologies, as well as mastering the use of these. This has allowed to implement the desired improvements of the application. The final result of this TFG has satisfactorily achieved all initially planned objectives.