Guard Your Drawings with Digital Signature

28 Feb, 2003 By: Lynn Allen

If you're holding a hard copy of a drawing that's been signed off by the Chief Architect or Engineer, you can be fairly certain the drawing hasn't been modified since it was released. But if someone sends you an electronic version of the drawing file, how do you know if it's valid? Maybe it's been changed since it was last approved. Has it actually been approved? There's no easy way to lock down that drawing so no more changes can be made. Enter Digital Signatures!

If you haven't heard of Digital Signatures yet, believe me you will. This ingenious new concept of digitally signing electronic files is spreading like a wildfire. New laws continue to pass, paving the way for legal acceptance of these signatures as binding in a court of law. And now we can prove that someone truly signed a drawing. (Who hasn't met someone denying signing off on a drawing file?) It's actually a very clever concept. First, make the drawing files read-only. Then stamp them with a digital signature to ensure their integrity. Let's take a closer look, step by step.

Digital Signatures became available as one of the AutoCAD extensions, part of the Autodesk Subscription program. As I mentioned last month, I normally don't like to write about anything you don't all have access to; nevertheless, since most of the extensions tend to roll up into the next release of AutoCAD software, you can consider this a nice sneak peak into the future (wink-wink). Before I joined Autodesk I always loved getting a heads-up on the next release of AutoCAD, so I'm making an assumption that many of you feel the same way. I've been talking about digital signatures for more than six months now, and I've had extremely positive responses.

Getting a Digital Signature

First of all, you need to get a digital signature. Where do you get them? Well, there are numerous certificate authorities that are happy to take your money and give you a digital signature--in fact, most of them offer a free trial option. Autodesk uses a company called Verisign as its digital-signature provider, but it isn't mandatory that you use them. The first time you launch the Digital Signature program, you will be sent to Verisign to get a digital signature (unless you already have one). There are different types of digital signatures depending on the level of security you need. If you want a digital signature that prompts for a password every time you use it, you'll have to pay more. You can even get a minimum-security signature on a 60-day trial basis for free, which I recommend until you decide you're completely sold on the digital-signature concept. When you're ready to make the commitment, you'll find you can get a digital signature for a year for as little as $15.95 (so money shouldn't be an issue here). Digital signatures are stored in the REG file.

I found it very painful trying to move my digital signature from one computer to the next when I upgraded my laptop. I couldn't even buy another one because it was linked to my email address and Verisign kept telling me I already had a digital signature. After working with the Verisign customer service (and a few gray hairs later), I was finally able to figure out how to move it. Just a heads-up here!

Each digital ID is unique and is made up of a name, serial number, and an expiration date, along with other assorted information. It's a very long, scary number, which you really don't stand a chance of remembering. But that's not a problem because once you get your digital ID, AutoCAD will kindly remember that painfully long ID for you!

Figure 1. The Digital Signatures dialog box allows a user to select and sign drawing files.

After your digital signature is installed, you're ready to sign some documents. Simply execute the "Attach Digital Signature" command (external to AutoCAD), which is located in your Program menu under "Autodesk," and you'll see a dialog box displayed, as shown in Figure 1. We'll begin by selecting a couple of drawings we'd like to sign by picking the "Add files" button. There's even a simple Search mechanism included in the dialog, should you accidentally misplace your drawing files. After selecting the desired drawing files, you can time-stamp the signature by grabbing the time from the signing computer, or opt for an exact time from the time server of the National Institute of Standards and Technology, the U.S. Naval observatory, or Caltech University. Gee, is the actual time, down to the second, that crucial in the drawing process? Finish off your signature with any pertinent comments by inputting any appropriate text. When you're ready to make it official, select the Sign Files button. If all goes well you'll be prompted with the number of signed files. The status for these files will change in the dialog.

You can distinguish a signed drawing file from an unsigned one through Windows Explorer, because the icon has changed slightly to indicate the presence of a digital signature. This is represented with a very small certificate ribbon appearing in the upper-left corner of the standard DWG icon. When opening a signed drawing, you are immediately faced with a warning telling you this drawing is read-only. This is followed with the Digital Signature Contents dialog displayed in Figure 2. Here you'll find all of the information input when the drawing was signed. You'll also find a checkbox in the lower-left corner that says "Skip Xref warnings." If the current drawing also has signed attached xrefs, then you would technically get to see a dialog box for each xref, and you may not want to sift your way through multiple dialogs.

Figure 2. When opening a signed drawing, AutoCAD will display the assigned signature information.

As far as security is concerned, most of us know how to take a read-only drawing and make it readable. Simply right-click on the drawing file, go to Properties, and turn the read-only status off! So this isn't going to absolutely keep someone from altering your drawing file. However, as soon as someone makes any changes and then resaves the drawing, that digital signature will disappear and it is no longer a signed drawing file.

Coincidentally, on a flight to Frankfurt I sat next to an attorney who told me she focused her business on the Internet. I asked her if she worked with digital signatures and she just about fell out of her seat, remarking that she'd never had anyone ask her that before. Apparently she'd written a couple of articles on digital signatures and was spending a great deal of time working on the legal issues that surround them. She also reassured me that the future for them was very bright (as I am telling you today).

Though you may not have this technology at your fingertips yet, save this column for future reference! And the next time someone tells you he or she didn't sign off on an electronic drawing, remember what you've learned here. Until next month, Happy AutoCADing!