InetVote: Vote (2): Execute the Script

James F. Carter, UCLA-Mathnet, 2004-10-10

Now you have the script to create the secret key and Certificate Signing Request for your ballot. Here are the steps to execute the script (the same as when you registered to vote).

  1. If you are a truly paranoid and well-trained computer user you will scan the script you received with virus protection software, and will view the script (it's a simple text file, though with a rather long line), understand what it's doing, and verify that no harmful activities are going to occur. If the script is not to your liking, e.g. you prefer different filenames or wish to use full path names, or if you need to translate the script to work with different crypto software, you may edit it to suit you.

  2. The Registrar of Voters knows that you have received a Ballot Ticket, but not which ballot ticket was issued to you (except for disputed registrations, i.e. non-secret ballots). If you claim you lost it, there is no way to invalidate the ballot that may be cast on that ticket if it becomes un-lost, and hence most Election Boards will refuse to issue you another Ballot Ticket. You are advised to save the ballot script (typically called on removable media, e.g. a floppy disc, writeable CD or USB key, before proceeding. Or print it out, hoping to scan it in later if the file is destroyed. Remember that one of the lines is quite long and must be folded.

  3. You need to protect your secret key! Do not let anyone become you by wielding the secret key. You need a good passphrase to protect it. Choose the passphrase now, before running the script. If you have a good one (see guidelines below) that you use frequently on your computer, and that hackers have probably not stolen, that would be a good choice.

    However, if you're creating a new passphrase here are some guidelines.

    Words in English or another language
    • The passphrase should be at least 20 letters long.
    • 30 letters is about the maximum for accurate typing.
    • The phrase should have no relation to yourself.
    • Do not use the name of anyone you know including pets and celebrities.
    • Do not use your birthplace or childhood street address.
    • Bartlett's Familiar Quotations is used by hackers; pick only an obscure quotation.
    • Scattering digits or punctuation and changing case creatively are helpful but do not give that much extra strengh; length is your best defense.
    Truly random password
    • Roll dice or use a password generating program to get a truly random password.
    • 11 bytes are needed for adequate strength, assuming they are chosen from upper and lower case letters, digits and punctuation.

    You also need to remember the passphrase for the secret key if you need to recover from election fraud or disputes. A CIA agent would be expected to be able to memorize a passphrase and to be sure of remembering it weeks or months in the future, but it isn't reasonable to expect millions of average citizens to accomplish this. If you have a safe, or a deposit box at a bank, write down the passphrase and put it in the safe. If not, hide it the same way you might hide a supply of cash. Make a backup copy of your voting-related files including the secret key, and put it in a different deposit box or hiding place. Make the backup on removable media such as a floppy disc, a writeable CD or a USB key. If the backup copy is stolen, it does nobody any good unless they have also obtained the passphrase for the secret key.

  4. Move the script you received to your voting-related files directory (folder), if not deposited there in the download process.

  5. Now execute the script. Use or start up a shell session (console window). Windows® users should start the Cygwin shell by double-clicking on its icon. Change to the directory for your voting-related files, and then run the script through /bin/sh. (You may vary the instructions, e.g. use different directories or a full path name, but the form given is the easiest for beginners to follow.)

    cd $HOME/votefiles

    The OpenSSL program will generate a new secret key and write it to vote.key. It will ask for your passphrase. It wants to see it twice, to guard against typing mistakes, and what you type will not be visible. The Certificate Signing Request will also be signed with the secret key and written to vote.csr. The script appends your Ballot Ticket after the Certificate Signing Request.

  6. Next Step: Now make your choices on the ballot. Include your Certificate Signing Request as the first item. Use the Choose button on the ballot to locate and include your Certificate Signing Request -- the one just created, not the one for voter registration. When you submit your ballot, you will get back a copy of it, with all your choices, including a signed certificate and the signature of the Election Board, by which you can prove that you did cast that ballot.

How to Cheat

It is essentially impossible for the voter to create or alter a Ballot Ticket by himself. He can edit the script so as to request that a different subject be signed for, but the Election Board won't sign it unless it matches the Ballot Ticket. Thus, there are no opportunities to cheat at this point.

Similarly on the ballot, all cheating by the voter needs to happen before this point. Cheating by the Election Board after the ballot is cast is discussed on the ballot itself.