Changes between Version 8 and Version 9 of security/electronic_signatures


Timestamp:
Feb 28, 2013, 6:28:09 PM (11 years ago)
Author:
Sam Habiel
Comment:

--

  • security/electronic_signatures

    v8 v9  
    283283I didn't write example code for Radiology/Nuclear Medicine as I don't have test data in that package.
    284284
     285Once the new algorithm is in use, to reuse an example presented above, here is what to expect if the document is tampered with:
     286Original Signature:
     287{{{
     288/es/ DOCTOR MCDUCK, MD
     289ENT PHYSICIAN
     290Signed: 02/27/2013 09:34
     291}}}
     292
     293After tampering with the document
     294{{{
     295/es/ bad decrypt
     296bad decrypt
     297Signed: 02/27/2013 09:34
     298}}}
     299
     300
    285301== Impact on the rest of VISTA ==
    286302Analysis of the impact will take two phases: That of the Hash and that of the change in encryption.
     
    371387Casting these issues aside, there is one way in which encryption can be strengthened: basing it on a hardware token. You will need one of these for each server, but this ensures that the encrypted data will be unreadable outside the machine at which it was encrypted.
    372388
    373 It's best to know what attack vectors to protect against. The biggest security risks are internal. External protection of the entire database can be done using full database encryption.
     389It's best to know what attack vectors to protect against. The encryption system here is not designed to hide the data; rather only detect if it has been tampered with outside of the official APIs.
    374390
    375391= Appendix 1: How does TIU encrypt the signature blocks =
     392TIU encrypts these fields in file TIU DOCUMENT (#8925)
     393{{{
     3941503 SIGNATURE BLOCK NAME
     3951504 SIGNATURE BLOCK TITLE
     3961509 COSIGNATURE BLOCK NAME
     3971510 COSIGNATURE BLOCK TITLE
     398}}}
     399
     400The encryption and decryption are done seamlessly in Fileman. Because of that, an end user and even an API programmer will not even detect that it exists.
     401
     402The input transform for each field is responsible for the encryption. It looks like this:
     403{{{
     404S X=$$ENCRYPT^TIULC1(X,1,$$CHKSUM^TIULC("^TIU(8925,"_+DA_",""TEXT"")")) K:$L(X)>120!($L(X)<3) X
     405}}}
     406
     407The output transform for each field is responsible for decryption. It looks like this:
     408{{{
     409S Y=$$DECRYPT^TIULC1(Y,1,$$CHKSUM^TIULC("^TIU(8925,"_$S(+$G(DA):+DA,+$G(D0):+D0,1:"")_",""TEXT"")"))
     410}}}
     411
     412The algorithm is simple: Encrypt and decrypt based on a vector of the checksum of the text. If the text changes, the originally computed encrypted string won't be decrypted successfully.
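Review bot: the rewritten sentence at v9 line 389 now says the scheme is meant only to detect tampering "outside of the official APIs", but the unchanged paragraph just above it at 387 still recommends a hardware token so that the data is "unreadable outside the machine", which is a confidentiality goal. Read together the two paragraphs state different purposes, and the removed remark about internal risks and full database encryption is not replaced by anything. Either move the statement of purpose ahead of the hardware-token paragraph or say how the token serves tamper detection. In the appendix, line 412's "based on a vector of the checksum of the text" is vague next to the transforms at 404 and 409, which show the third argument to ENCRYPT^TIULC1 and DECRYPT^TIULC1 is $$CHKSUM^TIULC over the document's "TEXT" node; say that directly, and explain the K:$L(X)>120!($L(X)<3) X length check in the input transform, which the prose does not mention.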