e-certsDS: Certificados Eletrônicos com Assinatura Digital
Abstract
Electronic certificate management tools are used by educational institutions and event organizers to simplify and automate certificate issuance, delivery and validation tasks for attendees. Validation is typically limited to a static authentication token, which is generated deterministically (e.g., cryptographic digest) or pseudo-random (e.g., set of any 8 letters). Consequently, an attacker who successfully compromises the system can compromise (e.g., add new or modify existing) validation tokens. To mitigate this type of problem, we propose the e-certsDS tool, which issues and publishes electronic certificates that can be validated through an OpenPGP digital signature and an additional authentication code (using the cryptographic primitive HMAC). End users can verify authenticity through digital signature, which prevents the attacker from modifying existing certificates (or adding new ones) without detection.
References
da Silva Ribeiro, P., Conrad, P., Junior, S. A. M. B., and Kreutz, D. (2011). Sistema de Gestão de Certicados Eletrônicos. In V Workshop de TIC das IFES, Florianópolis.
DTIC (2016). Sistemas de Gestão de Certicados Eletrônicos (SGCE). Universidade Federal do Pampa (Unipampa). Manual do Usuário.
e-certicado (2021). Certicados online para cursos. https://e-certificado.com.
GC (2021). Gerador de certicados. https://geradordecertificados.com.
KBR (2021). Online bulk certicate maker software. https://www.edusys.co/en-in/college-certificate-making-software.html.
NTIC (2010). ERRC 2010 encerra com palestras e premiação. https://dtic.unipampa.edu.br/2010/10/13/.
Software Público Brasileiro (2016). SGCE Sistema de Gestão de Certicados Eletrônicos. https://softwarepublico.gov.br/social/sgce.
Sympla Internet Soluções S.A. (2021). Sympla. https://www.sympla.com.br.
