Notary Key

Owned by Leonard Schubert
Last updated: Aug 16, 2023
6 min read

The key used to encrypt the biometric signature data is encrypted twice, once with the document hash (AES), a second time with a RSA public key. The matching private key is securely stored at a notary, hence the keys name. This second RSA encryption takes place in the mobile apps, frigg RSA encryptor or in a StepOver signature pad.

Biometric data is collected when using the HTML Signer or the Websignatureoffice mobile apps (not click to sign). Biometric data is also collected when using StepOver signature pads in conjunction with the Websignatureofice pad connector. This data is encrypted on the pad itself with a certificate stored on it (unencrypted biometric data never leaves a StepOver signature pad), the frigg config setting has no effect here.

The RSA notary public key can be defined in the frigg config.ini using the key value "notary_public_key". If no key is defined a default StepOver key is used. The values format is a RSA certificate in pem format without the START + END CERTIFICATE markers.

notary key .pem file format example:

-----BEGIN CERTIFICATE----- MIIGETCCA/mgAwIBAgIJAI7OSzwPq2zbMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD VQQGEwJERTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlT dHV0dGdhcnQxEzARBgNVBAoMCk5vdGFyeSBMdGQxDzANBgNVBAsMBk5vdGFyeTEW MBQGA1UEAwwNTm90YXJ5IE5vdGFyeTEgMB4GCSqGSIb3DQEJARYRbm90YXJ5QG5v dGFyeS5jb20wHhcNMTkwODE2MTU0MzQ1WhcNMjkwODEzMTU0MzQ1WjCBnjELMAkG ... -----END CERTIFICATE-----

example notary_public_key config with line break and without start/end marker

notary_public_key=MIIGETCCA/mgAwIBAgIJAI7OSzwPq2zbMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD \ VQQGEwJERTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlT \ dHV0dGdhcnQxEzARBgNVBAoMCk5vdGFyeSBMdGQxDzANBgNVBAsMBk5vdGFyeTEW \ MBQGA1UEAwwNTm90YXJ5IE5vdGFyeTEgMB4GCSqGSIb3DQEJARYRbm90YXJ5QG5v \ dGFyeS5jb20wHhcNMTkwODE2MTU0MzQ1WhcNMjkwODEzMTU0MzQ1WjCBnjELMAkG \ ...

 

Notary key server configuration

The table shows, which config.ini settings are relevant for the signing methods and which fallback is used.

Singing method

settings

Fallback

Description and additional settings

Singing method

settings

Fallback

Description and additional settings

HTML-Signer

rsa_encryptor_public_key

(fallback: notary_public_key)

 

notary_public_key

StepOver Standard Key (4096 bit)

rsa_encryptor_public_key

The biometric data is encrypted with the rsa_encryptor_public_key. If the key is not set, notary_public_key will be used.

 

notary_public_key

Fallback key if rsa_encryptor_public_key is not set.

If notary_public_key is not set, the StepOver standard 4096 bit key is used.

 

notary_sha1_fingerprint

notary_sha1_fingerprint is optionally set in the braga config.ini. This value is compared with the fingerprint received from the frigg frontend upon signature creation. 

 

App

notary_public_key

StepOver Standard Key (4096 bit)

If notary_public_key is not set, the StepOver standard 4096 bit key is used. It is obtained with the tyrservice method getSettings.

 

Signature pad

pad_connector_crypto_id_names

Standard key on pad (if pad_connector_crypto_id_abort_message is not set)

The biometric data is encrypted on the pad. A pad contains several keys. Those can only be set with a firmware update.

 

pad_connector_crypto_id_names

If the config is not set, the standard key of the pad is used.

 

The config pad_connector_crypto_id_names contains a semicolon-separated list of key name. The first name defined in the list, which is present on the pad, is used for encryption.

 

pad_connector_crypto_id_abort_message

If no corresponding crypto id name is found on the pad, the abort message is shown and singing is not possible. If the abort message is not set, the standard key of the pad is used.

(see "pad encryption" below for details)

NOTARY INFO 

In order to find out which key was used for encryption, a notary info is stored with each signature. This information can be extracted by using StepOver ESO or Baldur. The information is extracted from the certificate:

===( NotaryInfo StepOver GmbH )===

buero@notar-jaumann.de
Notar Werner Jaumann, 
Stuttgart, 
Baden-Wuerttemberg, 
DE
2048bit
SN:eadc2c14dce0677b
SHA1:fadf592b5cca3e77e0852a36472b0ebbac99cdfd
valid:03/14/78

This information is shown on server startup as an info log entry.

Monitoring

The notary certificate sha1 fingerprint is shown on the monitor endpoint

Additional fingerprint check

An additional fingerprint check can be configured in the braga config.ini: notary_sha1_fingerprint

This value is compared with the fingerprint received from the frigg frontend upon signature creation. If the values do not match an error is logged and the signature fails otherwise the signature is successfully created.

The fingerprint can be obtained from the pem file (see above) via openssl:

openssl x509 -in certificate.pem -outform DER | sha1sum c938267a3015450513bcf9a10eb97e982885139c

Alternatively the .pem file can be converted to a .der file and the fingerprint can be obtained from the certificate properties:

 

Notary key workflow

This is a simplified overview of the bio data encryption with the different singing methods. Only the encryption with the notary key is shown, not the AES encryption.

 

Pad key configuration

The pad contains one or more keys for encrypting the bio data. The keys are identified by “crypto id names” and a “crypto id”, which are obtained from websignatureOffice via the pad connector (getDeviceDetails).

If the config pad_connector_crypto_id_names is not set, the signature will be encrypted with the standard key of the pad.

If the config pad_connector_crypto_id_names is set, webso retrieves the crypto id infos from the pad, which contain the name and crypto id and names of the keys. It then iterates over both lists and searches for a crypto id name which is in both lists.

If a matching crypto id name is found, the singing is started with the crypto id of the first matching key.

If no matching crypto id name is found and crypto_id_abort_message is defined, the process is aborted and the message shown.

If no matching crypto id name is found and crypto_id_abort_message is not set, the signing will be started without a crypto id and the default key of the pad is used.

Simplified sequence diagram for pad signing with or without defined crypto_id_names:

 

 

Example how webso sets the crypto id when signing with pad:

See https://stepoverinfo.atlassian.net/wiki/spaces/General/pages/83034359 and https://stepoverinfo.atlassian.net/wiki/spaces/General/pages/95485953 for additional information about the api.

First webso obtains the CryptoIdInfoList with "getDeviceInfo".

Example response:

The response contains three keys:

id (crypto_id)

description (corresponds to pad_connector_crypto_id_names)

padCertLength

padNotaryLength

id (crypto_id)

description (corresponds to pad_connector_crypto_id_names)

padCertLength

padNotaryLength

0

StepOver cryptoIdv1

256

256

1

StepOver 2048/4096

256

512

2

StepOver 3072/4096

384

512

example config

Webso iterates over the pad_connector_crypto_id_names. In the example crypto_id 3 (StepOver 3072/4096) will be used: "FooBar" is not present on the pad. "StepOver cryptoIdv1" is present on the pad, but "StepOver 3072/4096" is before "StepOver cryptoIdv1" in the setting list and will be taken instead. "StartSigning" will then be called with crypto_id=2.

E.g.: