writing sample digital signature implementation


Upload: jessica-donadio

Post on 19-Dec-2014


Category:

Business



DESCRIPTION

Pen-and-ink signatures are effectively a formality, their application being an unreliable and inadequate means of validating a document. The use of digital signatures acts to better protect a document's integrity by incorporating various security features otherwise impossible to achieve with ink.

TRANSCRIPT

Page 1: Writing Sample  Digital Signature Implementation

Issue Date: Revision Date:

STANDARD OPERATING PROCEDURE NO. 29 CONTRACT & BUSINESS MANAGEMENT DIRECTORATE N10

MILITARY SEALIFT FLEET SUPPORT COMMAND

Digital Signature Implementation

Encl: (1) Digital Signature Instruction Sheet
Encl: (2) Instructions on How to Self-Sign a Certificate

What is a Signature?

When authorizing documentation in support of purchasing decisions and contract files, a signature must function to:

• Ascertain provenance or origin of a document by discerning the author's identity.
• Establish the intentional will of a signer, signifying deliberation and informed consent.
• Act as evidence in the case of a dispute or court procedure.

The pen-and-ink method currently in use to endorse contracting records does not sufficiently satisfy these requirements. Although ink signatures are thought to provide legitimate affirmation of an individual's identity, committing the author to the content of his or her documents, they are in and of themselves generally not meaningful or legally binding if not witnessed by an authorized third party. In most cases, a simple "X" signed in front of a notary or general public can serve equally as well; the mark thus attesting to a well-defined commitment, and more importantly, observed by others to be made of free will. When not witnessed, pen-and-ink signatures are otherwise not considered trustworthy, being:

o Highly susceptible to forgery, coercion, trickery, and repudiation (where a user can deny their signature or claim that it was made under false pretenses).

o Subject to uncertainty when trying to determine if pages have been added and/or deleted from a file since signing.

o Hard to verify, seeing as the only subsequent methods available to detect suspicious activity are extremely tedious and labor-intensive. Because it is so highly impractical, costly, and undependable, the process is rarely performed.

All things considered, pen-and-ink signatures are effectively a formality, their application being an unreliable and inadequate means of validating a document.


What are the advantages of using Digital Signatures?

The use of digital signatures mitigates the concerns highlighted above and acts to better protect a document's integrity by incorporating various security features otherwise impossible to achieve with ink. Due to cryptographic technology, a unique digital signature code is assigned with each new document; yet every code is still linked to one particular individual. Therefore, digital signatures are specific to the document they are assigned to through a public key, while a private key designates the identity of the signer, verifying that a document was in fact authorized by the person understood to be the sender. Although the keys of the pair are mathematically related, it is "computationally infeasible to derive the private key from knowledge of the public key." Thus, although many people may know the public key of a given signer and use it to verify that signer's signatures, it is impossible for someone to uncover a private key and use it to forge digital signatures.[1]

Other advantages that make digital signatures superior to ink include:

• The exact time of signing being recorded electronically; so that accuracy can be ensured.

• The ability to affirm that data displayed to the user before signing was not ambiguous or misleading in any way, thereby reflecting the true intentions of the signer and being legally defensible. This is accomplished through screening for "dangerous" content which may threaten the signer's ability to see what they are signing.

• Guarantee that a document has not been altered since the signing through hash function technology. It is computationally infeasible to derive an original message from knowledge of its hash value.

Moreover, it has also been established that:

• The likelihood of malfunction or a security problem in a digital signature cryptosystem designed and implemented as prescribed by industry standards is extremely remote, being far less than the risk of undetected forgery or alteration on paper.

• Electronic technology offers the ideal means for guaranteeing the integrity of audit trails and online (intranet) storage.

• Few or no reported cases involving electronic data interchange (EDI) disputes are known.

The advanced features grant a more reliable way for signed documents to be deemed legally defensible. In cases of contractor protests or disputes, these attributes serve to:

• minimize the risk of dealing with imposters or persons who attempt to escape responsibility by claiming to have been impersonated;

• reduce the risk of undetected message tampering and forgery, in addition to false claims that a message was altered after it was sent;

[1] American Bar Association, 'Digital Signature Guidelines Tutorial,' (2005), accessed 27th May 2006, <http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html>.

Page 3: Writing Sample  Digital Signature Implementation
Page 4: Writing Sample  Digital Signature Implementation
Page 5: Writing Sample  Digital Signature Implementation

unintended changes being made by the contractor or any parties other than the author. As opposed to using a source other than Adobe, this ensures that the program is PDF/A-1 compliant, aiming to protect the privacy, interests and rights of the data subject, ensuring state security and maintaining "good data file practices."

• Conversion of a Word, Outlook, or Excel document can be achieved by either clicking the "Convert to Adobe PDF" button on the top toolbar if displayed in the program, or attempting to print the file by Adobe PDF printer, which will prompt the user to save the document as a PDF file.

*However, without being certified, an outside party would still be able to convert a PDF file to a Word document with the right printer equipment. Therefore, the extra step of digitally signing will ensure that the content of a document has not been altered.*

2. Documents must be digitally signed using the certification method in Adobe, as opposed to simply adding an "ordinary" signature. There are two methods of signing a user can choose when digitally signing a document in Adobe, being either ordinary or certified. Certification establishes that a signature is under the sole control of the person using it, capable of verification, and linked to the data in such a manner that if the contents are changed, the signature is invalidated (satisfying all of the requirements originally outlined by the US Comptroller General for California legislation).

3. No type of security should be added to any of the PDF files in order to guarantee "ready accessibility to principal users," as established by FAR subpart 801(c).

4. The default settings which are pre-configured in Adobe should also be used when employing digital signatures. These settings are as follows:

• Choosing Edit > Preferences > Security (on the left-hand side), the box "Verify Signatures when Document is Opened" should be checked.

• Choosing Advanced Preferences from this window, the radio button "Use the document-specific method, prompt if it is not available" should be selected.

• The box "Require that Certificate Revocation checking be done whenever possible when verifying signatures" should also be checked.

• In the same window, Secure Time should be selected as the verification time.

• In order to guarantee maximum compatibility with previous versions of Adobe software, select File > Reduce File Size and ensure that the option "Compatible with 5.0 and later" is selected.

• Also, the option "PDF Optimizer" can be selected from the "Advanced" toolbar menu and the "Compatible with" field should be set to "Acrobat 5.0 and later."

All DON systems operate either version 6.0 or 7.0 of Adobe. The only hindrance when opening a document using 6.0 that has been digitally signed by the 7.0 version is the following message:

Adobe Reader

This file appears to use a new format that this version of Acrobat does not support. It may not open or display correctly. Adobe recommends that you upgrade to the latest version of our Acrobat products. Please visit our product site at http://www.adobe.com/acrobat

OK

From experimenting with the older version, it has been observed that this message pertains to capabilities such as file compression and encryption options that are superior in the newer version, having no effect on digital signature functionality and validity. In 6.0, signatures that were made using the updated version are still recognized as being certified, maintaining all their verification properties and having the ability to store and recognize certificates of trusted identities. Therefore, clicking "OK" to this message will not compromise the legality of a document, while also not impeding a user's workflow.

5. The following settings are optional, being specific to each user's personal computer display and subject to individual preference:

• Hiding the Validity Icons which appear next to the signatures:
  o Choosing Edit > Preferences > Security (on the left-hand side)
  o Choosing Advanced Preferences
  o Clicking on the checkbox to "Hide Validity Icons"

• Turning off the dialog box:

After a document has been certified, a dialog box will appear every time the file is opened. This window provides descriptive information, certification status, and the validity degree of the document. Because most documents are opened by members internally in the command, and the box can cause interruption in workflow, users may choose to turn this window off, although this action is not advised by Adobe.

Choose Edit > Preferences and Startup from the left side-panel, and then un-check the box for "Certified Documents."

If a user does decide to turn this box off, they can check the certification status of a document by navigating their mouse to the far bottom right corner of the Adobe window where a blue certification ribbon is displayed. Simply situating the mouse icon over the ribbon will prompt a yellow box to appear, exhibiting validation information. Right-clicking this box will allow a user to choose "Document Status" from a drop-down menu, which in turn will display the aforementioned dialog box.

6. When using the digital signing feature, it must be made certain that access to Government acquisition opportunities still be facilitated for

• small business concerns
• small disadvantaged business concerns
• women-owned
• veteran-owned, HUB Zone, and service-disabled veteran-owned small business concerns;

as designated by FAR Part 5.02(b) [3]. Therefore, if a company does not currently have a system in place where a third-party vendor grants users their own personal certificates, such as PKI, they should be made aware of the option to self-sign their own certificate. Instructions to do so are presented in Encl (2).

However, when certificates are not issued by a trusted third party, most commonly being Verisign, anyone can set up a certificate authority or create a self-signed certificate purporting to be anyone else. It is even possible to create a certificate authority that claims to be Verisign. Therefore, when reviewing a document sent from a contractor, it is required that the origin of the certificate be verified before adding it to a user's list of trusted identities or accepting the document as being reputable. This is achieved by:

• Right-clicking on the signature > choosing "Properties" from the drop-down > clicking the button "Show Certificate"

• Selecting the "Details" tab on the right-hand column

• In the Certificate data panel, scrolling to the MD5-digest and SHA-1 digest located towards the bottom of the menu.

• Taking note of the numbers, and cross-referencing them with the originator of the certificate, making sure they are identical.

• If the numbers are correct, the "Trust" tab can then be selected and the certificate can be added to the trusted identities list.
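
The digest cross-check in the steps above, as an added Python example that is not part of the SOP: it compares the digest of a received certificate with the value obtained from the originator, tolerating formatting differences and rejecting shortened values. The byte strings are constructed stand-ins for DER-encoded certificates, and all function names are hypothetical.

```python
import hashlib
import hmac

# Hex length of a digest -> hashlib name. MD5 and SHA-1 are the two digests the
# SOP reads from the certificate viewer; SHA-256 is added here as an assumption.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize(fingerprint_text):
    """Drop separators and case differences ("AB:CD", "ab cd") before comparing."""
    cleaned = "".join(c for c in fingerprint_text if c not in " :-\t\n").lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint is empty or contains non-hex characters")
    return cleaned


def fingerprint(cert_der, algo):
    """Digest of the DER-encoded certificate as lowercase hex."""
    return hashlib.new(algo, cert_der).hexdigest()


def matches_originator(cert_der, claimed):
    """True only if the complete digest supplied by the originator matches."""
    want = normalize(claimed)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        return False  # shortened or padded values are rejected, never prefix-matched
    return hmac.compare_digest(fingerprint(cert_der, algo), want)


def safe_to_trust(cert_der, claimed_digests):
    """Require at least one digest from the originator, and every one must match."""
    return bool(claimed_digests) and all(
        matches_originator(cert_der, c) for c in claimed_digests
    )


def read_out(cert_der, algo):
    """Digest as an originator might dictate it: upper case, colon-separated."""
    h = fingerprint(cert_der, algo).upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


# Constructed stand-ins for two DER-encoded certificates that claim the same
# name but carry different keys (the self-signed impersonation case above).
GENUINE = b"CN=Example Contractor;key=" + bytes(range(32))
LOOKALIKE = b"CN=Example Contractor;key=" + bytes(range(1, 33))

if __name__ == "__main__":
    dictated = read_out(GENUINE, "sha1")  # value obtained from the originator
    print("received genuine certificate   :", safe_to_trust(GENUINE, [dictated]))
    print("received look-alike certificate:", safe_to_trust(LOOKALIKE, [dictated]))
```

The digest has to reach the reviewer over a channel other than the one that delivered the document; a digest sent alongside the certificate can be replaced together with it.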

7. Documents that have been signed by outside parties should also be scanned for "dangerous" content; not necessarily meaning a virus or bug, but rather, content that may have threatened the signer's ability to see what they were signing. This can include various types of JavaScript, multimedia, or any other dynamic items that could jeopardize document appearance, launch external applications, or be linked to inconspicuous information.

When a user administers the certification process, a document's problematic features are presented so that the author may include a legal attestation as to why the content exists within the document. When a file from a third party is received, a user should select the "Signatures" tab so that the window will display details about the document's content. The user can then select options on the top left column, and prompt the "Document Integrity Properties" operation to run, which will scan the document for questionable subject matter. If suspicious material does exist, the recipient will be presented a list of problematic features with the sender's legal attestation. This way, it can be assured that if the features are indeed malicious, the sender will be at fault.

8. Any document that is saved in the "S" drive without being certified will be considered invalid. The certified copy should be the only adaptation of a document saved to an e-file, in order to mitigate confusion in trying to discern between various outdated and conflicting versions, while also upholding the requirements set by FAR 4.502(C)3, ensuring "Minimal establishment of duplicate and working files." Therefore, it is recommended that a document be scrutinized by the user for all necessary changes that need to be made before digitally signing, so that the certified copy will be "signed for and saved" as the most updated version, overwriting the original, rather than "signed for and saved as" a new document.

*Further instructions on how to digitally sign and certify a document using Adobe are outlined in Reference (a).*

9. If a document requires the signatures of other users, in addition to the author, blank signature fields must be incorporated into the file before being certified. This can be done by clicking the pen icon on the top toolbar and selecting "Create a Blank Signature Field." After drawing the designated space for the signature, the property values of the field should be changed accordingly:

• Name (typing any arbitrary name)
• Tooltip (any direction such as "Sign Here" that will help the user)
• Form field: Visible
• Required box checked
• On the "Signed" tab, the "Mark as Read-Only" radio button should be selected. This will ensure that the signature field cannot be cleared or deleted.
• After all changes are made, the "Locked" option should be checked.

Further step-by-step instructions on creating a blank signature field are included in Encl: (1) Digital Signature Instruction Sheet.

When certifying, the author has the option of allowing certain changes to a document after being signed. If a blank signature field has been incorporated because an authority needs to review and offer their critique, the author should allow for both form-filling and commenting changes to be made. This way, if only a minor change needs to be completed, it can simply be annotated by the reviewer.

Otherwise, if many modifications need to be made before an authority will sign off on a document, the author is the only one with the ability to clear the signature fields, and can revert back to the original program in order to make the changes to the actual text. A signature can be cleared by right-clicking on the field and selecting the first choice, "Clear Signature Field." Signers need to be aware that when allowing comments, they are forced to include a legal attestation stating permission, so that they cannot later deny their signature.

When a digitally signed document is opened and it appears as though a blank field was signed and/or comments were made, a user is able to revert back to the version that was originally signed for without having to access two separate documents under independent file names. By right-clicking on the first digital signature field that was applied and selecting "View Signed Version," the original document is displayed. In this way, any false claims made by the signer that the content had changed since being signed can be refuted, especially in light of their legal attestation. Also, this feature reduces the number of duplicate files that are saved to the S Drive.

In order to view a list of all a document's adjustments, a user can right-click on a signature and display its "Properties." The "Document" tab should then be selected, and the button "Compute Modifications List" should be run. This will display all of the form-filling and commenting actions which have taken place since certification. This process is helpful in producing a thorough analysis of the document's integrity.

In conclusion, digital signatures should be employed as the default way to authorize e-file documentation so that

• Files can be made legally defensible
• Various business processes are performed more efficiently and are in turn more cost-effective
• PKI development can be served to its potential

All users are instructed to familiarize themselves with the SOP, instruction sheets, and tutorials in order to gain a full understanding of the technology along with the scope of its functionality so that the feature is used properly and to the best of its ability.