pki

The Irish Government has recently passed legislation that makes digital signatures legally binding.
The concept of a Digital Signature is supported by PKI - Public Key Infrastructure.

Unfortunately the whole concept is fatally flawed. See "The Emperor’s New Clothes: The Shocking
Truth About Digital Signatures and Internet Commerce"

http://www.smu.edu/~jwinn/shocking-truth.htm

Also see "Ten Risks of PKI: What you're Not Being Told About Public Key Infrastructure"

http://www.counterpane.com/pki-risks.html

also

http://www.counterpane.com/crypto-gram-0011.html#1

How to break PKI on some-ones Microsoft Windows '98 computer. Get access to their computer for a minute or so....

1. Run Outlook Express
2. Work Offline
3. Click on Tools
4. Click on Options
5. Click the Security tab
6. Click on Digital IDs
7. Click on their certificate
8. Click on Export - this brings up the friendly Certificate Manager Export Wizard.
9. Click on Next
10. Click on Next again to export the private key
11. Click on Next again to Enable Strong Protection (ho ho)
12. Supply a password - use the single letter x - and click on Next
13. Supply a filename - key - and click on Next
14. Click on Finish
15. Click on OK, and OK again
16. Visit www.openssl.org, and download and install openssl Version 0.9.5a or later, which creates the openssl utility
17. d:>openssl pkcs12 -in key.pfx -nodes
18. Supply your "password" x
19. Out pops the private key!
20. Use the private key to decrypt all their "encrypted" emails, including all those intercepted over the past year. Use it also to sign legally binding agreements on behalf of your victim.