AfterDawn.com

Digital Signature


SecurDisc can digitally sign data on a protected disc so that a user can always be sure it came from the correct source. When you transfer important data from one person to another, the recipient must be able to tell that the data is authentic and has not been manipulated.

To do so, SecurDisc lets you digitally sign an entire SecurDisc disc using a trusted signing key. You can then distribute a signature verification key to anyone who receives the disc, allowing them to verify the authenticity of the data.

A private key is used for the digital signature, and the recipient verifies it using the corresponding public key. If you don't have a private-public key pair you can create one within Nero Express.

The recipient needs either InCD or InCD Reader to verify the signature using the public key. In short, a private key and a public key are created, each as a file. You can email the public key file to somebody so they can check that it was you who digitally signed all the files on the disc and that they are not being duped with malicious data. So how do we go about adding this layer of protection to the disc?

Using Digital Signature


As we have done already, use Nero Express to create a whole new SecurDisc Data DVD compilation. This time however, when you have added your files and folders, look at the left panel and tick the box beside Digital Signature. A new window will automatically open.

You are asked to select a private key from a list, and since this is your first time doing this, you obviously don't have anything to choose in the list. No worries, we will just create a digital key. Click the Start button to begin the process.

Creating a Digital Key


The first screen here simply explains that you are about to create a digital key. A digital key consists of a Private Key and a Public Key. As the source, you keep the Private Key to yourself, and you give the Public Key to anybody who is going to receive the disc so they can verify that it was digitally signed by you.

When you have read this part and understand what it means, click Next.

Generating the Keys


This part does seem strange at first, but it is done in the most secure way it could be. Basically, what you are asked to do here is to move the cursor (pointer) around the window and type any random gibberish on your keyboard. You don't see any of what you type on the screen, but your random keystrokes and pointer movements are being taken into account, and a key is being generated out of them.

So why not just ask you for a bunch of gibberish and then generate a key from that? It's quite simple: many computers have spy software and key loggers installed (unknown to the user) which record every keystroke typed into any application. If this program relied only on whatever you type, it could be a security risk, not to mention that duplicate digital keys could be created. Keep typing gibberish and moving the mouse around like crazy until the process is finished.

Click Next.

Name the Key


You must now give the digital key a name. I call mine AfterDawn Backup. Take note of where it says the private and public keys will be saved. In my case, they have gone into SecurDisc Key Data, in My Documents. There will be a folder full of private keys and public keys when you have been using the software long enough.

Choose Private Key


You will now be asked to choose a Private Key from a drop-down list once again. This time, the key you just created will be available. Select it, like in my sample picture (AfterDawn Backup.bsk) and click OK.

Nero Express event log


When the burning process begins, once again, the Event Log will list any features of SecurDisc that are being used on this particular compilation. This time, you will now see what Key file you are using to sign the contents of the disc.

In the example picture, it reads Digital Signature (AfterDawn Backup.bsk).

So you know that you are supposed to provide the recipient of the disc with the public key. AfterDawn Backup.bsk is not the public key; it is the private key, which you keep to yourself. So where is the public key? In my case, it is in the My Documents folder, under the SecurDisc Key Data/Public Keys/ folder, as shown in the example picture. I suggest emailing this key to your friend or business partner and not sending it on another disc or anything like that, so that the key reaches the recipient separately from the disc it is used to check.

How is the Digital Signature checked?


When the recipient receives the disc and inserts it into his/her drive, it is not hard to check the disc to see if the source is in fact you. Look at the InCD icon in the Systray. Right click on it and place the pointer over the drive the disc is currently in.

From the pop-up menu, you should now see "Confirm digital signature". Click this option.

Confirm Digital Signature


You will now be informed that for this process, a Public Key is required. Your friend / business partner should already have this key.

To select the appropriate file, click the "Select public key" button.

Open Public Key


A file browser will now load, allowing you to browse for the Public Key file. This will be a .bpk file. Again, when the Digital Signature is originally created, this will be inside a folder under My Documents by default.

Find the appropriate file and click Open.

Digital Signature Verification


The program will now verify that the Public Key is the proper key created when the Digital Signature was produced. The time this process takes depends on the number of files on the disc that need to be verified.

Success?


The test should be successful. If it is not, then suspicion is warranted. Tampering like this would not be uncommon for a business to experience, and this is why it is vitally important that this layer of protection is not overlooked.
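
The sign-then-verify workflow described above, as an added Python illustration (not part of the original article, and not SecurDisc's actual algorithm or its .bsk/.bpk file formats, which the article does not describe). It swaps in a Lamport one-time hash-based signature so that it runs with only the standard library; the file names and contents are constructed samples.

```python
import hashlib
import secrets

# Constructed sample "disc" contents (file name -> bytes).
DISC = {"report.pdf": b"Q3 figures: 1,200 units", "readme.txt": b"Backup set 1"}

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def generate_keypair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(H(a), H(b)) for a, b in private]
    return private, public

def manifest_digest(files: dict) -> bytes:
    """Fold every file name and its content, in a fixed order, into one digest."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(H(name.encode()) + H(files[name]))
    return h.digest()

def bits(digest: bytes):
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def sign(private, files):
    """Reveal one secret per digest bit. A Lamport key must sign only once."""
    return [private[i][b] for i, b in enumerate(bits(manifest_digest(files)))]

def verify(public, files, signature) -> bool:
    """Recompute the digest from the received files; check each revealed secret."""
    if len(signature) != 256:
        return False
    expected = bits(manifest_digest(files))
    return all(H(s) == public[i][b] for i, (s, b) in enumerate(zip(signature, expected)))

def demo():
    private, public = generate_keypair()
    signature = sign(private, DISC)
    tampered = dict(DISC, **{"report.pdf": b"Q3 figures: 9,200 units"})
    _, other_public = generate_keypair()  # a key pair the signer never used
    return {
        "authentic": verify(public, DISC, signature),
        "tampered": verify(public, tampered, signature),
        "wrong_key": verify(other_public, DISC, signature),
    }

if __name__ == "__main__":
    print(demo())
```

Verification fails both when any file is changed and when the wrong public key is supplied, which is why the recipient needs the signer's genuine public key. Unlike this one-time scheme, signature schemes such as RSA or Ed25519 allow one key pair to sign many discs.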

Next


SecurDisc offers a form of copy protection for content, although it is limited to PDF files at the moment. Making sure PDF files cannot be reproduced or opened with applications that can edit them is a great idea, however, as a lot of important documents are created and stored as PDFs. So let's see how SecurDisc implements this protection.
Written by: James Delahunty