Digital Signature

Overview

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and to ensure that the original content of the message or document that has been sent is unchanged. It can be used with any kind of message, whether it is encrypted or not. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped.

To set your default digital signature option, you select it on the Users Preferences Page (Figure 1). Select "Yes" for the "Include digital signature when available" option. Remember you must be logged in before making any changes to the User Preferences.

Select Yes for Digital Signature in User Prefernces
Figure 1. User Preferences Page

If your default digital signature option is set to "Yes", when you put data delivery requests into your shopping cart, each dataset will default to including a digital signature with it. Figure 2 shows a shopping cart with two items in it, each requesting that a digital signature be delivered with it. You may uncheck the digital signature box if you do not require a digital signature with that item.

Note: Since generating digital signatures creates extra processing time in the CLASS Delivery System, it is recommended that you do NOT request digital signatures if you do not really need them.

Screen shot of the shopping cart
Figure 2. Shopping Cart

To verify the CLASS digital signature, you will need to download the CLASS public keys. To download the keys, click on the "Download Keys" link in the lefthand toolbar (Figure 3).

This image shows where the link for downloading keys
Figure 3. Download Keys Link

When you click on "Download Keys", another window will pop up with the key information and brief instructions (Figure 4). The key is everything between
-----BEGIN PGP PUBLIC KEY BLOCK----
and
----END PGP PUBLIC KEY BLOCK----

You will need to save the key information to a file either by cutting and pasting, or by selecting "File/Save" from the browser top menu. Be sure to save it as a text file.

CLASS Keys and Instructions
Figure 4. CLASS Keys and Instructions.

After you have saved the key to a file, you may use any OpenPGP compliant tool to verify data you receive from CLASS. For example, if you saved the key to a file called CLASSKEYS, and you want to use GNU Privacy Guard (http://www.gnupg.org), you do the following:

Add the key to your key collection: gpg --import CLASSKEYS
To verify a file called DATA_FILE_1: gpg --verify DATA_FILE_1

CLASS keys may expire from time to time. If you receive an expired key error message from your OpenPGP compliant tool, you may need to download a new key from CLASS.

Back to the top