Nearly two years ago I wrote a post on my personal english blog about Thunderbird and the P7M-file attachments. In the meantime more and more bureaucracy has gone under the digital-sign mandatory usage, coming to an apex this fall with the introduction of the Public Administration Electronic Market (MePA), with the due to buy everything from there (yes, even the toilet paper).
So now everybody from administration to 1st researchers have to deal with those nasty p7m files. Where the nastiness cames from the adoption of some subsets of what the international community adopts regarding these themes: security and identity (ie. PEC). And also from bad documentation and personnel’s training.
Anyway … if you have a Mac (or a PC) and are not so tech-savvy what do you have to do with this rendiconto-2012-progetto.PALLA.pdf.p7m the central administration office sent you this morning?
Well, you have to think to the P7M as an envelope on which somebody has put its own mark on sealing wax to the actual file. It’s that simple. All you have now to do to read your file is to break this wax to see the file’s content.
For the Mac OS X platform I found two software, freely downloadable from the software houses that made them, that helps users to deal with the file digital signature.
The first one is DikeX (Dike and DikeL respectively for Windows and GNU/Linux systems), that cames from one of the most prominent collaborator of the italian government: InfoCert. You can download DikeX from the provided link.
The second one is called ArubaSIGN with a strong branding name, since it comes from italian’s ISP Aruba.it. You can download ArubaSIGN for Mac and Windows from them. For GNU/Linux there’s the release to actually sign a file, but I haven’t tried to see if this works just to open files without an ID-sim in the system.
Both shows themselves as droplet areas where one has to drag-n-drop the signed file. Then the program verifies the authenticity of the sign, its validity, the time of its last modification and an option to extract the signed file on our system. Then we’ll have to open it with the designed application.
It comes obvious that:
- you can modify the extracted file;
- you cannot save the modified file and then re-sign it pretending to be the “real”, original, file;
- the only legally dependable file is the original p7m one.
Well, I think this is all … if you need some more information just ask in the comments!