Let There Be Trust
Ariel Sabiguero Alfonso Vicente
Facultad de Ingenierı́a Facultad de Ingenierı́a
Universidad de la República Universidad de la República
Montevideo, Uruguay Montevideo, Uruguay
[email protected]
[email protected]
[email protected]
Abstract—In the digital age, trust is integral to secure online
communication and transactions, particularly with regard to
the authenticity of digital signatures. This paper investigates
the interplay between trust, legislation, and Public Key Infras-
tructure in the context of Uruguayan legislation that governs
Trust Service Providers. In particular, the paper examines,
from a critical perspective, the implications of Centralized Key
Management, and some vulnerabilities that arise from this
approach. The analysis is confined to Uruguay, focusing on
local regulatory frameworks and the operational dynamics of
the authorized Trust Service Providers in the country.
Index Terms—Trust, Trust Service Providers, Centralized
Key Management, Digital Signatures, Digital Rights
I. I NTRODUCTION
In today’s digital era, trust plays a pivotal role in facilitat-
ing secure communication and transactions over the Internet.
However, establishing and maintaining trust over the existing
Internet realm presents unique challenges, particularly when
it comes to ensuring the authenticity of digital signatures.
This article explores the relationship between trust, leg-
islation, and the use of Public Key Infrastructure (PKI) for
digital signatures. The discussion unfolds through the lens
of Uruguayan legislation governing Trust Service Providers
(TSPs), examining the implications of centralized custody of
private keys or Centralized Key Management (CKM) and the
potential vulnerabilities introduced by this approach. Due to
space constraints, we are unable to conduct a comparative
analysis of the legislations and TSPs of different countries.
Therefore, our analysis is confined to the Uruguayan context,
providing a focused examination of local regulatory frame-
works and the role of TSPs within this jurisdiction.
Section 2 succinctly explores the foundational principles
of PKI and the pivotal role of trust in the digital world.
In Section 3, we review Uruguayan legislation pertaining
to TSPs, analyzing the creation of a TSP Registry and the
mandated use of centralized custody for private keys. Section
4 delves into the practical implications of using TSPs,
using Abitab and ANTEL, the only two TSPs currently
authorized in Uruguay, to illustrate various challenges of
centralized custody and the vulnerabilities introduced by
username-password authentication methods. In Section 5,
we engage in a broader discussion on the implications of
our findings, exploring potential avenues to enhance trust
in digital communication while addressing the shortcom-
ings of existing legislative frameworks and implementation
practices. Finally, Section 6 offers concluding remarks and
Gonzalo Esnal
Facultad de Derecho
Universidad de la República
Montevideo, Uruguay
outlines directions for future research, emphasizing the im-
portance of reconciling legislative imperatives with cryptog-
raphy principles to foster a more secure and trustworthy
digital ecosystem.
II. T HE T RUST E THIC AND THE S PIRIT OF PKI
In this section, we assume the reader is familiar with the
topics discussed. However, we want to emphasize the his-
torical and theoretical significance of maintaining exclusive
control over the keys.
PKI is essentially about trust, or rather the lack of it. The
problem of how to guarantee secure communication over an
insecure channel between two agents who had no previous
contact seemed insoluble in the early 1970s. Whitfield Diffie
had the brilliant idea of using two keys: one public and one
private. He did not trust the National Security Agency (NSA)
and its Data Encryption Standard (DES). Diffie thought that
the NSA had placed a backdoor in DES, so that they could
decrypt any message with a master key that was only known
inside Fort Meade 1 . Nor did any alternative where a central
administrator knew the secret keys seem admissible to him
because it would mean trusting a central authority, something
Diffie did not trust. This lack of trust was very fertile [1].
After two years of work with his colleague and friend
Martin Hellman, in 1976 they published what would go
down in history as the Diffie-Hellman algorithm and public
key cryptography. It was called “public key” cryptography
simply because what was novel, what was almost heresy,
was the existence of a public key. The existence of a
private key to be kept secret was a well-established idea.
In that work, they emphasized the need to discover a digital
phenomenon that would allow them to “develop a system
capable of replacing the current written contract with some
purely electronic form of communication.” They noted that
such a phenomenon must possess the same properties as
a written signature, in which “it must be easy for anyone
to recognize the signature as authentic, but impossible for
anyone other than the legitimate signer to produce it.” [2].
They discovered the phenomenon they were looking for and
called it one-way authentication. This discovery is of great
importance. Of course, it is “impossible for anyone other
1 Beyond the existence of a backdoor, these suspicions were well-founded:
NSA officials were implementing a policy of concealing any cryptographic
knowledge, conducting espionage, and were probably the ones who asked
to cut the DES key to the esoteric 56-bit length.
than the legitimate signer to produce [the digital signature]”
as long as no one else knows the private key. With this
premise, the Diffie-Hellman algorithm allows us to trust the
authenticity of the signer. This decentralized key solution not
only solved technical problems but also established a new
paradigm of trust in digital communications.
The operation of an authentication system that allows
digital signatures “with the same properties as a written
signature”, is illustrated in Figure 1. If Bob wishes to sign
a document, he first generates a hash of the document.
This hash is then encrypted with his private key and the
resulting encrypted hash, known as the digital signature,
is attached to the document. This document can now be
sent safely over an insecure channel. When Alice receives
the document, she verifies its authenticity by independently
generating a new hash of the document (excluding the digital
signature) and then decrypting the attached digital signature
using Bob’s public key. If the decrypted hash matches the
hash she generated, it confirms that the document is authentic
and was signed by Bob. It is difficult for Bob to repudiate
that signature. His only possible defense to repudiate the
signature would be to claim that someone else (say, Eve)
accessed his private key and signed the document on his
behalf. In other words, Alice can trust that the signature
is indeed Bob’s, provided she trusts Bob to safeguard the
privacy of his private key. The entire trust of these systems
is based on the ethic of not sharing private keys with anyone.
Fig. 1. Bob signs a document
But what is trust after all? There are works that dif-
ferentiate between the notions of commonsense trust and
cryptographic trust [3]. For the purposes of this paper, in
what follows we will refer to the notion of commonsense
trust, but the problem of the polysemy of the term “trust”
will be crucial to the discussion.
Trust is often defined in terms of firm belief, confidence,
or faith. Is something that exists in the mental world: the
world of our thoughts, beliefs, and feelings. It is an idea that
is generated individually and manifests itself as actions in
social relationships. De Jouvenel wrote that “human actions
are, it is clear, based on confidence in others” [4]. Trust
can sometimes be seen in terms of trust networks between
individuals. Tilly describes trust networks as “ramified inter-
personal connections, consisting mainly of strong ties, within
which people set valued, consequential, long-term resources
and enterprises at risk to the malfeasance, mistakes, or
failures of others” [5]. Much more could be said about trust,
but that would exceed the scope of this paper.
Some pioneers, notably Paul Zimmermann, the creator of
Pretty Good Privacy (PGP), aimed to provide the world with
public key-based tools that would ensure privacy, authentic-
ity, and no repudiation. These tools facilitated the creation
of decentralized trust networks, a “web of trust”, where
interactions could occur freely and voluntarily [1]. Within
these networks, it is essential for each individual to keep
their private key private, embodying a principle reminiscent
of Benjamin Franklin’s often attributed saying, “Three may
keep a secret, if two of them are dead.” This decentralized
model fell out of favor with the centralized PKI model, in
which private keys are not generated by each person, but
by an authority that must be trusted. In any case, after the
key was generated, the importance of keeping private keys
private was common to both models. This ethos, which
emphasizes minimal shared secrets, resonates closely with
the spirit of these cryptographic pioneers.
It is difficult to imagine that it makes sense to command
someone to trust others, or that trust can be created ex nihilo
by legislation. Legislation may designate an agency as a TSP,
just as it can establish a Ministry of Truth. However, such
designations do not necessarily engender trust, just as such
establishments do not guarantee truth’s discovery. Despite
these limitations, this is precisely what some legislation
attempts to achieve.
III. Ex nihilo T RUST C REATION
In this section, we will analyze the case of Uruguayan leg-
islation with respect to TSPs.2 Of course, this is not a local
invention, as it is based heavily on Directive 1999/93/EC.
[6] For this reason, it is expected that the analysis of the
legislation can be extrapolated to a large extent to other
countries with legislation also based on the same directive.
Article 31 of Law 18600 states: “In the Electronic Cer-
tification Unit, a Trust Service Providers Registry is hereby
created. These providers are tasked with offering trust
services that provide legal security for events, actions, and
transactions performed or recorded electronically, including
the creation, verification and validation of advanced elec-
tronic signatures with centralized custody [...]”. Likewise,
it specifies that “Secure mechanisms must be established to
2 The Uruguayan laws, decrees and guidances cited in this article are in
Spanish, all translations were made by the authors.
perform electronic signatures at the request of the signer”. them to implement. They may not believe that there are
[7] relevant security risks associated with centralized custody
Subsequently, the Regulatory Decree No. 70/018, which of their private keys. Or, they may not even know that they
regulates Articles 31 to 33 of Law 18600, in its Article 11 will not be able to repudiate an AES. All these claims are
states: “Trust Service Providers must [...] Establish secure false and are what we will discuss in the next section.
mechanisms for executing advanced electronic signatures at
the signer’s request”. [8] IV. F RUSTRATING T RUST E XPECTATIONS
At this point, one might think that if “secure mechanisms” Using a TSP changes the scheme presented in Figure 1,
are established there is no risk. Rules create expectations, now a third agent is introduced in addition to Bob and Alice.
there is a “continuous interaction between the rules of Figure 2 shows the new scheme.
law and expectations: while new rules will be laid dowvn
to protect existing expectations, every new rule will also
tend to create new expectation”. [9] Mediating expectations
strategies have also been suggested to support trust in digital
civics. [10]
We are dealing with complex words: How secure are
“secure mechanisms”? Are they secure enough for us to trust
them with the custody of our private keys?
The very idea of centralized custody of private keys
represents a regression from “the Spirit of PKI”. But we must
recognize that people’s behavior in the digital world is likely
to be different from their behavior in the physical world. Few
people would leave a copy of their house keys at a police
station or blank signed checks with their banker. However,
many people have requested the management of their private
keys from TSPs, which means that there is a high degree
of trust after all. Where does this trust come from? We
can speculate that their sources lie among institutional trust,
laziness, and ignorance.
Institucional trust means that many people may be predis-
posed to trust what the laws dictate. After all, in Uruguay,
12-year-old children are required to respond “Yes, I swear”
when asked, “Do you swear to defend, even at the cost of
your life if necessary, the Constitution and the laws of the
Republic?”. This ritual is just one among several that have
been repeated countless times since early childhood. Why
should not we give a third party our private key if the laws,
worth dying for, tell us we can do so?
Trust due to laziness, or the “stupid crook theory”, is Fig. 2. A provider signs a document on behalf of Bob
FBI agent Jim Kallstrom’s idea that even some criminals,
knowing that their conversations may be intercepted, “en- The TSP holds Bob’s private key and signs a document
gage in incriminating conversations, simply because it was at his request. When Alice receives the signed document
too awkward to go outside and use a pay phone”. [1] and verifies that the signature matches Bob’s, she can trust
Trust due to ignorance could mean many things, as there that someone used a private key associated with Bob to sign
are many different things to ignore. In fact, we know very the document. Legally, the signature provides no repudiation,
little through direct experience and most of our knowledge but did Bob actually request the signature? There are several
is based on trust. The possibility of knowledge construction, potential threats that could undermine this assumption, three
even scientific knowledge, is more based on trust than is of which specifically involve the TSP:
usually admitted. People living in western and democratic a) A person with legitimate access within the TSP (either
societies have a great deal of trust in science and technology, an employee of the TSP or an employee of one of its
as well as in legislation. [11] suppliers) commits a fraudulent signature as Bob3 .
So people are justified in having expectations in what b) An attacker breaches TSP infrastructure security, ac-
the legislation says, especially when the legislation borrow cesses Bob’s private key, and manages to carry out a
terms from the sciences, as Advanced Electronic Signature fraudulent signature as Bob.
(AES) legislations have done with concepts from computer 3 This scenario becomes particularly alarming in the hands of a totalitarian
science. People may believe that TSPs will have the “secure government. If such a regime controls the infrastructure of TSPs, the
mechanisms” that government regulatory agencies mandate potential for abuse is significant.
 c) An attacker manages to impersonate Bob to request
a fraudulent signature. Since the attacker authenticates
as Bob, the TSP signs the document requested by the
attacker as if it had been requested by Bob.
We will focus on threat c, where it is relevant to maximize
the security of the authentication and signature request.
It is not expected that the experimental analysis of this
section with Uruguay’s TSPs can be extrapolated to the
reality of other countries, since implementation decisions are
essentially contingent. In Uruguay, there are so far only two
TSPs offering centralized custody services: Abitab (a private
company with an extensive network of payment locations)
and ANTEL (the state-owned telephone company).
We performed a simple signature test with each of these
custodians to analyze whether there were obvious security
flaws. The tests included the use of a Man-in-the-Middle,
to validate whether TSPs rely solely on SSL encryption to
keep sensitive signer data confidential.
Let us start with Abitab. Abitab’s service is
called ID Digital and is accessed through the URL
https://firma.id.com.uy/login. The service allows you to
log in with two account types: Abitab Digital Identity and
Signature ID Account. It is clarified on the login page
that “Accessing the ID Signature platform authenticated
with the Abitab Digital Identity App provides you with
the highest degree of security.” [12] When logging in with
Abitab Digital Identity, the login process sends a push to
the app on the cell phone that was declared at the time of
registration.
However, when accessed through the Signature ID Ac-
count, the following traffic can be seen:
POST https://doc-api.id.com.uy/
v1/auth/session/
create JSON {
"email": "[email protected]",
"password": "verysecret"
} simply relying on SSL encryption. Such measures would
This is consistent with the message on the login page,
leading us to expect a lower level of security when using
the Signature ID Account. After login, in both cases where
the PIN is requested to sign a document, the following traffic
can be seen:
POST https://autenticacion.
identidaddigital.com.uy/
trustedx-authn-passwd/authenticate
uniqueAttribute: CI_12345678
password: 1234
Let us turn to the case of ANTEL. The service pro-
vided by ANTEL, known as TuID, is accessible via the
URL https://www.tuid.uy/user/auth. Users have the option
to authenticate using the TuID mobile app or a combination
of username and password. [13] As in Abitab’s case, when
logging in with the TuID mobile app, the login process sends
a push to the app on the cell phone that was declared at the
time of registration.
However, by logging in with username and password, we
can see the following traffic:
POST https://eidas.tuid.uy/
tuid-authn-passwd/authenticate
uniqueAttribute: [email protected]
password: verysecret
As in Abitab’s case, after logging in, in both cases when
the PIN is requested to sign a document, the following traffic
can be seen:
POST https://eidas.tuid.uy/
tuid-authn-passwd/authenticate
uniqueAttribute: UY_CI_12345678
password: 1234
Let us consider a key difference between Abitab and
ANTEL. ANTEL allows all users to employ the less secure
username/password authentication method, while Abitab re-
stricts users who have adopted the more secure Abitab
Digital Identity method from using it. However, both TSPs
allow users to log into a web application to sign, using a
combination of username and password. In both scenarios,
signing requires an additional PIN.
The concern arises because, despite SSL encryption pro-
tecting the connection between the customer and the TSP, the
sensitive data used to make an advanced electronic signature
is visible in clear text. How can the TSP be sure that its
customer is not the victim of a Man-in-the-Middle (MITM)
attack? The simple answer is that it cannot. Victims of
MITM attacks are vulnerable to having documents signed
on their behalf by attackers. Legally, these AES are valid
and carry the property of no repudiation.
As we recently suggested in a public outreach article,
users in Uruguay should always use smartphone authenti-
cation [14]. However, more could be done. Ideally, TSPs
could deprecate less secure methods, or at least they could
implement some form of client-side encryption instead of
offer significantly more “secure mechanisms” than those
currently in use.
V. D ISCUSSION
We have demonstrated that an attacker can exploit the web
application of a TSP in Uruguay to impersonate a victim, but
specific conditions must be met. First, the victim must use
the TSP’s web application for signing without leveraging the
more secure smartphone authentication and signature request
methods. Second, the attacker must successfully execute a
MITM attack during this process, allowing them to intercept
the credentials needed to authenticate and sign a document
on the victim’s behalf.
At this point, the question of how realistic the risk of a
MITM attack is becomes relevant. The Guidance No. 22/022
of the Regulatory and Personal Data Control Unit (URCDP,
its acronym in Spanish) makes it clear that in the workplace,
MITM attacks “can be carried out on devices provided by
the employer.” Although it states that “employees must be
previously informed about the scope of the technique,” a
small investigation revealed that 8 out of 24 government
agencies that responded (1 out of 3) conduct MITM attacks
without informing their employees 4 . [15]
A relevant question is: What would happen if someone
tries to repudiate a signature claiming they did not make it?
On the one hand, the signature legally has the property of no
repudiation. However, even if it is clear that a document was
signed with a private key, the owner of the private key could
argue that it was in the custody of a TSP and that the TSP
could have failed in its custody. What kind of investigation
will be carried out? How thorough will it be, and what are
the resource limits? And if it were proven that the private
key owner was not the one who requested the signature,
who would bear the responsibility and costs of the potential
damage? Given the technical complexity of the topic and
the asymmetry of information, anyone who does not defend
the unrestricted principle of caveat emptor should prefer a
transfer of liability to the service providers and regulators.
As mentioned in a recent work, little attention has been
paid “to the consequences of having service providers –
which traditional cryptographic threat models treat as adver-
saries— control or assist in the adoption of cryptographic
privacy technologies” [3]. All these problems arise from
transferring to a third party what should be privately guarded.
It could be remembered that PKI, in a sense, is about the
lack of trust, and one might question the standardization of
transferring a trust that is artificially created.
Of course, the management of private keys and the use
of signing software with secure physical devices, such
as smartcards or tokens, present significant challenges to
laypeople. It is true that TSPs can offer simplified access
to AES functionality and even features such as certified
timestamping, which could be more complex to use or
lack legal recognition otherwise. One could argue that this
allows users to choose between greater convenience and
enhanced security. However, to make an informed decision,
users should be aware that there are inherent security risks
in using TSPs –and in the case of Uruguay, there are
serious risks because TSPs have not implemented the “secure
mechanisms” some users might expect. As Tilly says, by
trusting we “set valued [...] resources and enterprises at risk
to the malfeasance, mistakes, or failures of others” [5], and
we must be aware of this.
VI. C ONCLUSIONS
The analysis of TSPs’ authentication methods and the
vulnerabilities exposed through practical tests illuminate the
pressing need for enhanced security measures in Uruguay.
As demonstrated in Section IV, weaknesses in authentication
protocols and the reliance on SSL encryption leave users
vulnerable to malicious attacks, compromising the integrity
of digital signatures. Although this analysis is local, the
4 We made more than 30 requests for access to public information to
government agencies. Some agencies did not respond, and others declared
the information confidential. What is relevant is that 8 agencies declared
that they are in non-compliance with URCDP Guidance No. 22/022.
interplay of trust and legislative frameworks thus emerges
as a vital area for further exploration, particularly in light of
the vulnerabilities associated with CKM.
The existence of CKM systems, if they can be justified
at all, requires both TSPs and regulators to ensure that
security mechanisms are in place that do not neglect obvious
security flaws such as those discussed in this work. These
controls should build trust, not attempt to create it through
voluntaristic “Let there be trust”.
Finally, as the Electronic Frontier Foundation (EFF) has
recently warned, the mere possession of digital identities can
increase the frequency with which we share our data, which
can impact our privacy. [16] There is a lack of education
about privacy and digital rights. Not only citizens in general,
but even most computer professionals tend to trust TSPs
and their supposed “secure mechanisms” just because they
are established in legislation. Perhaps it is necessary to
emphasize that our digital signature is our property, and
as such, we should protect it.
R EFERENCES
[1] S. Levy, Crypto: How the Code Rebels Beat the Government –Saving
Privacy in the Digital Age. Penguin USA, 2001.
[2] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE
transactions on Information Theory, 1976.
[3] E. Balsa, H. Nissenbaum, and S. Park, “Cryptography, trust and
privacy: It’s complicated,” in Proceedings of the 2022 Symposium on
Computer Science and Law, 2022, pp. 167–179.
[4] B. De Jouvenel, Sovereignty: An inquiry into the political good.
Cambridge University Press, 2012.
[5] C. Tilly, Trust and rule. Cambridge University Press, 2005.
[6] European Parliament and Council, “Directive 1999/93/EC of the
European Parliament and of the Council of 13 December 1999 on a
Community framework for electronic signatures,” Official Journal of
the European Communities, Brussels, Directive L 13, January 1999.
[Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/
?uri=celex:31999L0093
[7] República Oriental del Uruguay, “Ley no. 18.600: Documento
electrónico y firma electrónica,” 2009, accessed: 2024-09-28. [Online].
Available: https://www.impo.com.uy/bases/leyes/18600-2009
[8] ——, “Decreto no. 70/018: Reglamentación de los arts. 31 a
33 de la ley 18.600, relativa a los servicios de confianza de
identificación digital y firma electrónica avanzada con custodia
centralizada,” 2018, accessed: 2024-09-28. [Online]. Available:
https://www.impo.com.uy/bases/decretos/70-2018
[9] F. A. Hayek, Law, Legislation, and Liberty, Volume 19. University
of Chicago Press, 2022, vol. 19.
[10] E. Corbett and C. A. Le Dantec, “Exploring trust in digital civics,” in
Proceedings of the 2018 Designing Interactive Systems Conference,
2018, pp. 9–20.
[11] S. Shapin, Never pure: Historical studies of science as if it was
produced by people with bodies, situated in time, space, culture, and
society, and struggling for credibility and authority. JHU Press, 2010.
[12] Abitab, “Id firma,” accessed: 2024-09-28. [Online]. Available:
https://firma.id.com.uy/login
[13] ANTEL, “Tuid,” accessed: 2024-09-28. [Online]. Available: https:
//www.tuid.uy/user/auth
[14] A. Vicente, A. Sabiguero, and G. Esnal, “Firmar con prestadores de
servicios de confianza: riesgos y precauciones a tener en cuenta,”
Revista de la Asociación de Ingenieros del Uruguay, vol. 100, no. 1,
pp. 55–61, 2024.
[15] Unidad Reguladora y de Control de Datos Personales, “Dictamen
no. 22/022,” 2022, accessed: 2024-09-28. [Online]. Available:
https://www.gub.uy/unidad-reguladora-control-datos-personales/
institucional/normativa/dictamen-n-22022
[16] A. Hancock, “Digital id isn’t for everybody, and
that’s okay,” https://www.eff.org/deeplinks/2024/09/
digital-id-isnt-everybody-and-thats-okay, September 2024, accessed:
2024-10-04.