Subject: Connecticut DSS Requirements for Electronic Signatures
Group: Gnupg-users
From: James Platt
Date: 3 Jan 2007


 
I'm writing some documentation for a particular application I support
that uses GPG as a back end for signing documents. This particular
implementation is subject to regulation from the Connecticut
Department of Social Services (link to the regulations below). While
I am confident that my application meets the requirements (especially
given the variety of other systems where the vendors have signed off
on compliance with this regulation) I want to be sure that my
documentation is technically correct for my own satisfaction, if
nothing else. I wonder if readers of this list could comment on how
they would interpret the application of these rules to the use of GPG.

In particular, what would you say is the "unique code?" Is it just
the user's private key or is it the private key plus other
information stored with it? As I understand it, the main input in
generating a key pair is the output of a random number generator.
Does information about the user such as their name and email address
actually get incorporated into the key in any way or is that
information just stored along with it? I would rather not say that
the GPG password is part of the unique code because the regulations
speak of the unique code as being something which is assigned to the
user by the provider (me). That could then be interpreted as meaning
that I would have to assign every user a new password every 60 days
(requirement 7b). It makes a lot more sense to me to have the users
pick their own passwords but maybe I'm taking that part too literally.

http://www.ctmedicalprogram.com/bulletin/pb05_50.pdf


James Platt
C&IS Support Specialist
Dermatology, Yale Cancer Center
Yale University School of Medicine, New Haven, CT

