1

Childproof Drawings: Security Features of AutoCAD® 2004Tom Stoeckel

AutoCAD® 2004 has introduced new security features that provide greater control over drawing protection and data integrity. Learn how to use password-based encryption to secure your drawing data. We'll also cover how to incorporate digital signatures into drawings and generate reliable information about who created the drawings andwhether they were modified since they were signed. Learn the nuts and bolts of how to incorporate these new features into your work environment.

CM12-1

Housekeeping

Questions

Session Evaluation Form

2

Childproof Drawings

Your instructor – Tom Stoeckel• Autodesk programmer for 6 years• Express Tools and AutoCAD• Digital Signatures and DWG Security

Agenda

Digital Signatures

Drawing Security

What is a digital signature?

A unique ID issued by a certificate authorityContains name, serial number, expiration date, etc.Same concept as your handwritten signature only for electronic documents• Identifies a document as being associated with a specific person

• Attaches the identity of the signer

3

Why use digital signature?

Identify the senderVerify contents were not altered since signingResponsibility for contents• A signed file cannot be rejected as invalid. The signer of a file cannot later disown the file by claiming the signature was forged.

• Electronic Signatures in Global and National Commerce Act (E-Sign) gives digital signatures the same power as handwritten ones.

How to get a digital signature

Certificate authority• Verisign (www.verisign.com)• GlobalSign (www.globalsign.net)• Search the net

Installing your signature• Automatic on download• Internet Options – Content - Certificates

Signing your drawings

Different methods but common steps• Attach digital signature checkbox• Select a valid certificate

• Requires a non-expired certificate• Choose a time service (optional)

• Add your own time server to timesrvr.txt• ADSKSIGTIMESRVR environment variable

• Add comments (optional)

Signing is a deliberate operation

4

Signing a drawing once

Save As… menu (or SAVEAS command)• Tools menu

• Security options… menu item

Only applies signature on THAT save

Signing a drawing automatically

SECURITYOPTIONS command orOptions dialog• Open and Save tab

• Security Options… button

Works on a per drawing, per session basis• Must be set for each drawing to be signed• Only applies to the current session

Signing multiple files at once

Ideal when signing a final project set of files

Can only be done from outside AutoCAD

Attach Digital Signaturesdialog• Found in OS Start menu• Multiple files at once• Digitally sign .dwg, .exe

and .zip

5

Signing an encrypted drawing

Saving invalidates a signature so…Encrypt the drawing firstThen digitally sign

Validating signatures

Digital Signature Contents dialog

What this information tells you• Whether the file was modified

since it was signed • Identity of signer • Time stamp and comments

attached to the file • Issuer (certificate authority) of

the digital ID • "Valid to" and "valid from" dates

for the digital ID

Invalidated signatures

How does a signature get invalidated?• Saving over a signed drawing• External modification of the binary .dwg file

Warning dialog

6

Validating From Windows Explorer

Properties• Right-click on signed file• Properties• Digital Signature tab

Digital Signatures icon• Windows 2000 or greater• Turning it off

• Right-click on .DWx/exe/zip• Enable/Disable Digital Signatures Icon

Manual validation from AutoCAD

Status bar iconSIGVALIDATE commandValidate Digital Signatures dialog

Automatic validation from AutoCAD

SIGWARN system variable• Options - Open and Save –

Display digital signature information …

• Always shows invalidated signatures

Validating Xrefs• Options to skip Xref

warnings

7

Drawing Security

Encrypts the entire drawing file• Option to encrypt drawing properties

Introduced in AutoCAD 2004• Only works on 2004 format• DWG, DWT and DWS

Encryption is lost when saving to an earlier version

Why use encryption?

Protect drawing data from being stolenEnsure data confidentialitySecure drawing data from modificationPrevent unauthorized viewing

When to use encryption?

Sharing sensitive data outside of the organizationTransmitting files through non-secure mediumPassword protection is superfluous on an internal network• OS permissions achieve the same goal and are easier to manage

8

Losing a Password

No password – no drawingThere is NO back doorBackup drawings before encryptionSecure your passwords

Choosing a Password

Word or phraseAny characters you chooseMore characters = more security

Choosing Encryption types

OS default is used unless otherwise specifiedEncryption providers supplied by OSThe higher the key length, the higher the protectionConfirm other computers can decrypt before sharing

9

Encrypting a drawing

Security Options dialog

Encrypting a drawing

Save As… menu (or SAVEAS command)• Tools menu• Security options… menu item

SECURITYOPTIONS commandOptions dialog• Open and Save tab

• Security Options… button

Password must be set for each drawing• Password persists until removed

Opening a secure drawing

Password request dialog

Password cache• Reuses valid passwords

during the current session

Changing/removing a password• Security Options dialog• Change or clear the

password field

10

Changes to APIs

ObjectARX• readDWGFile()• acedSyncFileOpen()• acedXrefAttach()• acedXrefOverlay()• saveAs()

ActiveX/VBA• SecurityParams object

Thank You

Turn in your session evaluation forms as you leaveEmail: tom.stoeckel@autodesk.com