return to home page

signetsure versus other digital signature products

many products deal with digital signatures. few compete directly with signetsure. but many are worthy of mention in a general review of digital signature products. below are reviews for the following categories.


user applications

many windows applications sign and verify files, too many to mention. also there are plug-in components which add digital signature capability to other applications such as email and word processing.

the pioneer windows application is pgp (pretty good privacy), which is free for non-commercial use. in addition to signatures, pgp also encrypts/decrypts files and manages the public keys of ones correspondents. the non-commercial version of pgp is available for free download from mit. the commercial version and other security products are available from pgp security, an affiliate of network associates.

id certify publishes a product called signatrue. this is document-signing tool that plugs into ms word, adobe acrobat, and various email programs. the idcertify web site has a free download for verifying signatrue signatures, without being able to produce signatures.

a search of shareware web sites will find many additional encryption and signature applications programs. signetsure and its companion program, authent, together can be a user application for signing and verifying files. but signetsure's main purpose is a developer tool.

developer tools

there are relatively few crytographic developer tools. besides signetsure, three worth mentioning are aspencrypt, pgpsdk, and rsa bsafe crypto-c.

aspencrypt is an active server dll with support for asp pages and visual basic. it costs $249.00 and has a 30-day free evaluation period. when a developer needs more functionality than signetsure provides, this might be a good choice. click for more discussion about aspencrypt.

pgpsdk is a development kit containing the same technology with which pgp is implemented. it comes bundled with pgp e-business server and is not available separately. pgp e-business server adds encrypted data transfers to an e-commerce web site without programming. one would normally not buy this just to obtain pgpsdk. click for more discussion about pgpsdk.

rsa security inc. publishes a full line of security products. it is the company that bought the (now expired) patent rights to the the rsa public-key algorithm. bsafe is their line of developer tools. bsafe crypto-c is a library of cryptography funtions.

watch this space for future information on crypto-c in the future.


application id.  authenticode.

one can sign various kinds of programs (exe, dll, vba scripts), for verification by ms windows. this requires a registered certificate. verification means both that the program has not been hacked, and that the program's publisher is known to the certificate authority. the following entities issue certificates especially for this purpose.

certificate authority cost (12/2000)
thawte home $200.00
verisign home $400.00


signetsure and these certificates are complementary, not competing. these certificates allow windows to verify your program while signetsure allows your program to verify its data files. in a high-security situation, the same application could use both.


certificate authority

certificates are not developer tools. yet they are what most most people think of when they hear "digital signature." so this web page would seem incomplete without mention of the topic. certificate authorities issue encryption key pairs. (a pair consists of a private key and a public key.) the difference between these keys and the keys you create with signetsure is that the issuing certificate authority maintains certain standards as to whom it will issue a key. professional virus authors and scam artists typically do not meet these standards and can have their certificates revoked once caught.

verisign is the best know certificate authority, but there are many other and the following list is hardly exhaustive.

entity serving ...
abaecom members of american bankers association.
digital signature trust co. general
entrust.net wireless communications
esign australia australia
id.safe singapore and general
verisign general


other services

cryptography research, inc. offers cryptographic consulting services. their web site is interesting, because it links to various papers discussing cryptography.

gibson research corporation has a useful website that deals not with cryptography, but with personal security and personal privacy. its shieldsup program tests your computer for security leaks online.




additional notes

aspencrypt

aspencrypt is a collection of class libraries for doing all types of cryptography tasks. here are the major topics included in its tutorial.

this is an impressive list of features. if you need any of these features, other than create and verify digital signatures, aspencrypt is clearly the tool of choice. so with all these features, why would anyone ever want to use signetsure? if you only want to sign/verify files, consider the following differences.

here are some other points to consider.

    1. all samples are asp scripts. visual basic support is limited to a some code snippets and setup instructions. c++ programmers are entirely on their own.


    2. the documentation is not always 100% clear. a simple test of the digital signature features required some experimenting and an email to the publisher for support. (but the email question, sent late one night, received a reply the next morning. so technical support gets an a+.)


pgpsdk

pgpsdk is published by network associates. it is the same library that network associates uses to develop its own cryptography products. the user's guide lists the following topics as core operations.

pgpsdk is intended strictly for c programmers. it is very comprehensive. of course, it exposes api's for encrypting, decrypting, signing and verifying. but it also exposes many lower-level api's as well. for example one can sign and verify network communication on a block-by-block basis. it also exposes access to its random number functions and to its big-number functions.

a drawback to using pgpsdk is availability and price. pgpsdk is not available as a separate product. it is bundled with network associates' pgp e-business server. the web site says that it is also available with total network security suite. but a network associates representative says that this is, at best, an evaluation version. there are separate prices for a two-year license and a perpetual license. a perpetual license for pgp ebusiness server is about $7,500 before jan, 2001 and about $10,000 starting jan, 2001.

the primary component of the pgp ebusiness server package is not pgpsdk, but software that adds cryptographic security to e-commerce web sites. network associates boasts that many large corporations use this product to secure their e-commerce data transfers. thus, one would not normally buy this product just to get pgpsdk. one buys this product to secure an e-commerce web site, and then may use pgpsdk only if further program development requires it.


rsa bsafe

rsa security inc. publishes a full line of security products. it is the company that bought the (now expired) patent rights to the the rsa public-key algorithm. bsafe is their line of developer tools. bsafe crypto-c is a library of cryptography funtions.

watch this space for future information on crypto-c in the future.



this page is typically out-of-date 2 days ist (internet standard time) before it is updated. please post notice of broken links and other suggestions to the signetsure feedback page. last updated december, 2000.

return to home page

louis vuitton outlet