WYSIWYS Extensions to the Estonian ID Card Browser Signing Architecture

Abstract

Since the first ID cards were issued in Estonia, hundreds of millions of electronic signatures have been created. As opposed to paper-based documents, where signatories have the option to inspect the documents before signing, the signatures that are given online, through browser extensions, are given by signers without being able to verify what is the actual data that is being signed. Instead of displaying the documents securely on the signer’s device, service providers supply a hash value, which the signer must cryptographically sign. This so-called blind signing is convenient for service providers and signatories but does not protect signatories against service providers asking them to sign something that they may not be willing to sign. In this thesis, two What You See Is What You Sign (WYSIWYS) solutions were proposed to address this problem. The proposed solutions were implemented by modifying the existing ID card software and the results were subsequently analyzed. The proposed improvements to the existing browser signing solution enable users to inspect documents before signing, providing the possibility to sign documents in web environments with as much confidence as paper-based documents.