Cryptography Reference
The second condition holds, of course, for all authorities of a certification
hierarchy. A certification authority, in the sense of granting legal force to a
signature, must establish the organizational and technical processes for which
detailed requirements have been set in law or associated implementing orders.
At the end of 1999, a European Union directive was adopted that established
a framework for the use of electronic signatures in Europe (cf. [EU99]). The
directive was enacted to avoid conflicting regulations among the individual
member states. On decisive points it requires regulations that deviate from the
original 1997 version of SigG, in that it joins the “technical-legal approach,”
which the SigG of 1997 also follows, with the “market-economy approach” to form
a “hybrid approach.” The technical-legal approach is represented by “advanced”
and “qualified electronic signatures,” and the market-economy approach by
“electronic signatures.”
In the area of the market-economy approach, no technical requirements
are made on the “electronic signatures.” For qualified electronic signatures, the
technical and organizational requirements are regulated, which contributes to the
actual security of these signatures and forms the basis on which legal
consequences can be linked to qualified electronic signatures.
Important components of the regulations for guaranteeing the actual security
are, in addition to the liability of certification service providers, the requirements
for technical security of the components used and the security requirements for
the facilities and processes of the certification service providers, as well as their
supervision.
A corresponding revision of the German signature law was concluded in
the first quarter of 2001 (see [SigG]), in which the guidelines of the EU were
implemented. The significant change with respect to the old version of the law is
the acceptance of “qualified electronic signatures,” which now are permitted as a
substitute for written signatures and as admissible evidence in court.
The goal of this law is to create basic conditions for qualified electronic
signatures. The use of electronic signatures is optional, though certain regulations
could require them in specific instances. In particular, regulations could be
established regarding the use of qualified electronic signatures in the work of
public institutions.
We now leave this interesting topic, which can be pursued further in [Bies],
[Glad], [Adam], [Mied], and [Fegh], and turn our attention, finally, to the
implementation of C++ classes that provide for encryption and the generation of
digital signatures.
17.4 RSA Classes in C++
In this section we develop a C++ class RSAkey that contains the functions
 