Re: digital signature

["Stephen Adler" <user=65@nabble.blu.org>]

 To do this right, I believe, I want to get a key pair which is 
registered with a 3rd party registry like verisign or 
networksolutions.com or something like that. Is this not so? Say I sign 
a document with a self generated key pair, how does a third party know 
that the signature came from me and not someone posing as me who 
generated their own pair of keys? If I do need to go through the 3rd 
party registry route, who should I use? 

Matthew Gillen wrote: 
> Stephen Adler wrote: 
>> Guys, 
>> 
>> I've stumbled across the digital signature facility of adobe and PDF 
>> files and I'm interested in adopting it, or some form of digital 
>> signature of my business. Are digital signatures strictly a feature 
>> of PDF files? Has anyone had experience using digital signatures to 
>> authenticate documents for business and legal use? 
> 
> Besides signing email you mean? I do that for work, but less out of 
> necessity than out of trying to forge good habits.  :-) 
> 
> The whole point of gpg/pgp is that you can sign (and encrypt, but 
> that's not important to you) any type of file.  You might have to 
> ascii-armor it first though. 
> 
> Check out some of the front-ends for gpg (on windows, try GPGee: 
> http://gpgee.excelcia.org/).  You should be able to generate a 
> signature for anything.  The only issue is that the signature wouldn't 
> necessarily be "integrated" into the document itself, like with with 
> the PDF.  But that slight complication (having two files, the 
> document, and it's signature) is only an inconvenience, it has no 
> impact on the security, verifiability, or other functional aspects of 
> the signature. 
> 
> Matt 
>