A simple solution for using EDS - development

    imageIn my previous article, “A Simple Solution for Using EDS”, I described the idea for implementing an application for using EDS. Since then, quite a lot has changed. Most importantly, we decided to switch to a model without using intermediate proxy servers and use QR codes more actively. We also got a nicer demo site that allows you to try how our application works for various applications: to sign a petition, to vote, to confirm your actions on the site.

    For those who do not want to read the previous article, let me remind you what it is about ...

    Our GPL Vote projectfocused on creating a distributed and secure voting and signature collection system. We believe that the use of an electronic digital signature is a prerequisite for its creation. However, many existing solutions are either too complicated for the average layman, or paid, or closed. And, most often, all this is observed together. Therefore, we decided to offer an easy to use, free and open solution.

    I note again - we do not offer any new ideas. We offer only an implementation that includes a mobile application and API for sites that want to use its capabilities. There are no restrictions on the use of the mobile application - any site can implement the necessary API and offer its users the protection of their data through the mobile application. So any site can take the source of a mobile application and remake it to fit your needs. The main thing is to comply with the license.

    About changes


    We thought, thought and decided what to include in the intermediary chain in the form of proxies, despite the fact that work with the site is not a good idea. But in this case, it is necessary to somehow transfer the contents of the signed document to the mobile application.

    And then we remembered the QR codes. Through it, you can directly transfer all the document data from the screen to the mobile application. However, the documents can be quite large. So no screen is enough to display a QR code. What can we say about the procedure for its recognition from a low-power smartphone. The solution was found quite obvious. Because To send a signature to the site, you still need to connect your smartphone to the network, in the same way you can get a document through the network. Therefore, in the QR code, we decided to place these URLs on the site, where you can get the contents of the document for signing. We just replaced the circuit with our own, so that such links could be automatically sent to our application.

    Thus, the whole procedure of signing a document is reduced to scanning a QR code and signing it in the opened window of our application. A plus of this option is the fact that QR codes for signing petitions can be placed not only on sites, but also on leaflets or paper ads. Of course, in this case, the signed document is available in open form, but often this is quite acceptable (for example, for the same petitions).

    Just the second significant change concerns the fact that the document for signing can be presented in two forms: in personified form, when the document data is encrypted with a user key, and in public form, when the document is intended for multiple signing by different people. The public option, as I have already noted, can be used to collect signatures for petitions or to organize open voting.

    Well, the last change - an attribute containing a URL is included in the structure of the document for signing to which the mobile application must send the signature of this document. With the introduction of this feature, we completely untied the signing procedure from intermediate proxy servers. The consequence of this innovation was the fact that the delay between sending the document signature and its processing disappeared.

    Plans


    We have many more improvements in our plans. They mainly relate to backing up a secret key, restoring it from a backup, and creating the infrastructure for canceling a compromised key.

    So she began work on a mobile application that implements a “trust network” using this application as a module for signing.

    Links to additional information


    Mobile application on the Google Play Store
    New demo site
    Description of the API for sites
    Mobile application source code (Android)
    Demo site source code (Perl)

    Also popular now: