Now you have the script to create your secret key and Certificate Signing Request. Here are the steps to execute the script:
If you are a truly paranoid and well-trained computer user, you will scan the script you received with virus protection software, view the script (it's a simple text file, though with a rather long line), understand what it's doing, and verify that no harmful activities are going to occur. If the script is not to your liking, e.g. you prefer different filenames or wish to use full path names, or if you need to translate the script to work with different crypto software, you may edit it to suit you.
You need to protect your secret key! Do not let anyone
you by wielding the secret key. You need a good passphrase to protect it.
Choose the passphrase now, before running the script. If you have a good one
(see guidelines below) that you use frequently on your computer, and that
hackers have probably not stolen, that would be a good choice.
However, if you're creating a new passphrase here are some guidelines.
Bartlett's Familiar Quotations is used by hackers; pick only an obscure quotation.
You also need to remember the passphrase on election day. A CIA agent would be expected to be able to memorize a passphrase and to be sure of remembering it weeks or months in the future, but it isn't reasonable to expect millions of average citizens to accomplish this. If you have a safe, or a deposit box at a bank, write down the passphrase and put it in the safe. If not, hide it the same way you might hide a supply of cash. Make a backup copy of your voting-related files including the secret key, and put it in a different deposit box or hiding place. Make the backup on removable media such as a floppy disc, a writeable CD or a USB key. If the backup copy is stolen, it does nobody any good unless they have also obtained the passphrase for the secret key.
Move the script you received (register.sh, unless you renamed it) to your voting-related files directory (folder), if not deposited there in the download process.
Now execute the script. Use or start up a shell session (console window). Windows® users should start the Cygwin shell by double-clicking on its icon. Change to the directory for your voting-related files, and then run the script through /bin/sh. (You may vary the instructions, e.g. use different directories or a full path name, but the form given is the easiest for beginners to follow.)
The OpenSSL program will generate a new secret key and write it to
register.key (unless you edited the script to change the filenames). It
will ask for your passphrase. It wants to see it twice, to guard against
typing mistakes, and what you type will not be visible. The Certificate Signing
Request will also be signed with the secret key and written to
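
Before anything is sent to the Registrar, the key and the request can be checked locally. The following is an added example, not the contents of register.sh (which this page does not show): it confirms that the key file is stored encrypted, that the request's signature verifies, and that the request carries the public half of that key. The filenames come from the page; the function names, the subject, the `VOTE_PASS` variable and the sample passphrase are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not the contents of register.sh. The filenames register.key and
# register.csr come from the page; function names, the subject and the
# passphrase below are constructed for the demonstration.

# True if the key file is stored encrypted (PKCS#8 or traditional PEM header).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# True if the CSR's self-signature verifies. The message is checked because
# some OpenSSL versions exit 0 even when verification fails.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# True if the CSR carries the public half of the key.
# $1 = key file, $2 = CSR file, $3 = OpenSSL pass source such as env:VOTE_PASS
csr_matches_key() {
    k=$(openssl pkey -in "$1" -passin "$3" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build a constructed key and CSR in a scratch directory so the checks can be
# tried without touching real voting files. Prints the directory name.
make_sample() {
    d=$(mktemp -d) || return 1
    ( umask 077
      openssl req -new -newkey rsa:2048 -subj '/CN=Constructed Sample Voter' \
          -keyout "$d/register.key" -out "$d/register.csr" \
          -passout env:VOTE_PASS >/dev/null 2>&1 ) || return 1
    echo "$d"
}

VOTE_PASS='constructed demo passphrase, not for real use'
export VOTE_PASS
dir=$(make_sample) || { echo "openssl failed" >&2; exit 1; }
key_is_encrypted "$dir/register.key" && echo "key is passphrase-protected"
csr_signature_ok "$dir/register.csr" && echo "CSR signature verifies"
csr_matches_key "$dir/register.key" "$dir/register.csr" env:VOTE_PASS &&
    echo "CSR matches register.key"
rm -rf "$dir"
```

Passing the passphrase through an environment variable keeps it out of the process list; on your real files, leave out the pass source for an interactive prompt instead.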
Now send the Certificate Signing Request to the Registrar of Voters by using the form below. You will receive in return a certificate by which the Registrar of Voters affirms your right to vote in the coming election. Save this certificate to a file on disc, with your other voting-related files. The suggested filename, used in the examples further on, is register.usr. You will need to sign and present it on election day to receive a ballot.
In this form use the
choose button to find and select your
Certificate Signing Request, called
register.csr. On Microsoft®
Windows® (Microsoft Internet Explorer web browser) you can open the file finder
drag and drop the file's icon from the folder display into the
file finder. Try it on competitor web browsers also; it's likely to work.
Next Step: After you save your certificate to a file on disc, you need to verify that you can actually submit your ballot on election day. Proceed to Online Voting and go through the whole procedure of submitting a sample ballot.
The major cheating opportunity on this page is to hack into the victim's
computer, install spyware that will reveal the passphrase for his secret key
when he enters it, and then steal the key and certificate. A potential victim
with competently installed anti-virus software, who keeps his machine up to
date with the latest security patches and who does not execute programs from
untrusted sources, will only be vulnerable to
i.e. he will be nearly invulnerable. However, a hacker can run a massive
parallel attack on the
sheep (easily victimized persons) among computer
users, and likely could capture a significant number of certificates and secret
keys, though getting both the key and its passphrase is somewhat harder.
If a thief can physically obtain the backup copy of the certificate, its secret key, and the passphrase for that key, then he can impersonate the victim and vote. Unfortunately, most voters do not have safe deposit boxes. However, thievery is risky and time-consuming, and it isn't likely that enough identities could be physically stolen to seriously influence an election.