InetVote: Register to Vote (1)

James F. Carter, UCLA-Mathnet, 2004-10-10

The registration process goes in these steps:

  1. Install cryptographic software and the File Signing Script.
  2. Fill out the Voter Registration Form. In return, you receive a script (program) for the next step.
  3. Create your first secret key, and a request to the Registrar of Voters for a X.509 certificate (matching this key) affirming your right to vote.
  4. Send in the Certificate Signing Request, and get the certificate back.

(Note: this is a secret ballot; you don't sign it with the key you create in step 3 because that would prove who you are. Later you create a different key to sign the ballot with.)

Step 1a: Software Installation

The scripts that you install use OpenSSL as their cryptographic infrastructure. You need to install OpenSSL if you don't already have it. In a production deployment a neat package would be provided, but for this demo you get to install OpenSSL yourself. What to do depends on your operating system:

Already Have OpenSSL

If you already have it you do not need to install it again. But if your version is old you may want to update to a more recent version.

Linux or MacOS-X

Most Linux distros, and MacOS-X, include OpenSSL because, like InetVote, many software packages use it as crypto infrastructure. To see if it is already installed, start a shell (terminal window) and do rpm -q openssl (or your equivalent if your distro doesn't use RPM), or execute openssl version. If it isn't installed, follow the instructions that came with your distro, to get it installed. If it isn't in your distro at all, see the next section.

The distro's installer should verify that the software has not been tampered with. If you install manually, be sure to do the verification step.

Other UNIX

Do openssl version. If OpenSSL isn't there, you will need to compile it from source. See http://www.openssl.org/; follow the source link; you want the regular version, not the engine version unless you have a hardware crypto engine.

Download the checksum of the source package and verify that the sources were not tampered with.

Microsoft® Windows®

The easiest way is to use the Cygwin UNIX emulation DLL. On the Cygwin site, hit the icon labelled Install Cygwin Now. When the installer starts you can tell it what applications you want; be sure to include OpenSSL on the list. You may need to tell it Show All Packages. If you already have Cygwin, follow the Find a Package link on the web site and get just OpenSSL.

The Microsoft installer does some procedure to check that the software is unchanged since its developer signed it. Be sure that the signer is the actual author and not some hacker.

Older Macs, BEOS, VMS, RSX-11M, MS-DOS, OS-360, etc.

Unfortunately there is no support for MacOS-9 and earlier. There's a chance that you could compile OpenSSL on VMS and maybe RSX-11M. Consult the Cygwin site to see if there is any support for MS-DOS (not likely).

For Paranoid Voters

You may use any cryptographic package you want, if you prefer other software or if your security rules or other legal issues forbid you to use software obtained from the above sources. However, you will need to view the scripts, which call the OpenSSL software, and translate them to do the same thing using your special package.

Step 1b: File Signing Script

Pick a convenient spot for your voting-related files, that you can remember and find on election day. A subdirectory of your home directory makes sense. In the examples throughout this demo, the directory is called votefiles, but you may use any name you please if you can remember it. The command would be mkdir votefiles. For Cygwin under Microsoft® Windows®, the home directory is generally found as C:/cygwin/home/user (substituting your user ID as the last component). You can make the directory using Windows Explorer or you can start the Cygwin shell by double-clicking on its icon, and do mkdir votefiles just like on UNIX.

If you used InetVote in a previous election and you have settled all disputes involving you in that election, you may remove your old ballot files, typically named vote.* and ballot.* unless you renamed them. But your Registration Certificate may not have expired; keep it for re-use if so.

If you don't have the File Signing Script from previous use of InetVote, get it by clicking on the link below. You want to save the script as a file with your other voting-related files. If your web browser is configured for low security and offers to open (i.e. execute) the script, insist on saving it as a file.

Get File Signing Script

A truly paranoid and well-trained computer user will then scan the file with virus protection software, and then view it with a text editor, understand what it's doing, and determine by his/her own judgment that the script contains no harmful elements. Only then is it safe to execute the script. Later you use this script to sign your registration certificate, to prove that you are the person who registered to vote.

Next Step

Once OpenSSL is installed, proceed to fill out the Voter Registration Form.

How to Cheat

In this context, a Trojan Horse is a modified version of a popular program that steals or vandalizes important information or that gives a hacker control of the victim's computer for evil activities. If anyone snuck a Trojanized version of OpenSSL or Cygwin onto one of the distribution sites, it would cause massive chaos and mistrust of the computer voting process. The introduction of a Trojan Horse has been attempted several times, but only one or two were successful, in computer games distributed by sites with a lesser concern for security.