The registration process goes in these steps:
(Note: this is a secret ballot; you don't sign it with the key you create in step 3 because that would prove who you are. Later you create a different key to sign the ballot with.)
The scripts that you install use OpenSSL as their cryptographic infrastructure. You need to install OpenSSL if you don't already have it. In a production deployment a neat package would be provided, but for this demo you get to install OpenSSL yourself. What to do depends on your operating system:
If you already have it you do not need to install it again. But if your version is old you may want to update to a more recent version.
Most Linux distros, and MacOS-X, include
OpenSSL because, like InetVote, many software packages use it as crypto
infrastructure. To see if it is already installed, start a shell
(terminal window) and do rpm -q openssl
(or your equivalent if
your distro doesn't use RPM), or execute openssl version
. If it
isn't installed, follow the instructions that came with your distro, to
get it installed. If it isn't in your distro at all, see the next
section.
The distro's installer should verify that the software has not been tampered with. If you install manually, be sure to do the verification step.
Do openssl version
. If OpenSSL isn't
there, you will need to compile it from source. See http://www.openssl.org/; follow the
source
link; you want the regular version, not the engine
version unless you have a hardware crypto engine.
Download the checksum of the source package and verify that the sources were not tampered with.
The easiest way is to use the Cygwin UNIX emulation DLL. On the Cygwin site, hit the icon labelled
Install Cygwin Now
. When the installer starts you can tell it
what applications you want; be sure to include OpenSSL on the list.
You may need to tell it Show All Packages
. If you already have
Cygwin, follow the Find a Package
link on the web site and get
just OpenSSL.
The Microsoft installer does some procedure to check that the software is unchanged since its developer signed it. Be sure that the signer is the actual author and not some hacker.
Unfortunately there is no support for MacOS-9 and earlier. There's a chance that you could compile OpenSSL on VMS and maybe RSX-11M. Consult the Cygwin site to see if there is any support for MS-DOS (not likely).
You may use any cryptographic package you want, if you prefer other software or if your security rules or other legal issues forbid you to use software obtained from the above sources. However, you will need to view the scripts, which call the OpenSSL software, and translate them to do the same thing using your special package.
Pick a convenient spot for your voting-related files, that you can remember
and find on election day. A subdirectory of your home directory makes sense.
In the examples throughout this demo, the directory is called votefiles
,
but you may use any name you please if you can remember it. The command would
be mkdir votefiles
. For Cygwin under Microsoft® Windows®, the home
directory is generally found as C:/cygwin/home/user (substituting your user ID
as the last component). You can make the directory using Windows Explorer or
you can start the Cygwin shell by double-clicking on its icon, and do mkdir
votefiles
just like on UNIX.
If you used InetVote in a previous election and you have settled all disputes involving you in that election, you may remove your old ballot files, typically named vote.* and ballot.* unless you renamed them. But your Registration Certificate may not have expired; keep it for re-use if so.
If you don't have the File Signing Script from previous use of InetVote, get
it by clicking on the link below. You want to save the script
as a file with your other voting-related files. If your web browser is
configured for low security and offers to open
(i.e. execute) the
script, insist on saving it as a file.
A truly paranoid and well-trained computer user will then scan the file with virus protection software, and then view it with a text editor, understand what it's doing, and determine by his/her own judgment that the script contains no harmful elements. Only then is it safe to execute the script. Later you use this script to sign your registration certificate, to prove that you are the person who registered to vote.
Once OpenSSL is installed, proceed to fill out the Voter Registration Form.
In this context, a Trojan Horse
is a modified version of a popular
program that steals or vandalizes important information or that gives a hacker
control of the victim's computer for evil activities. If anyone snuck a
Trojanized version of OpenSSL or Cygwin onto one of the distribution sites, it
would cause massive chaos and mistrust of the computer voting process. The
introduction of a Trojan Horse has been attempted several times, but only one
or two were successful, in computer games distributed by sites with a lesser
concern for security.