Monthly Archives: October 2012

Protect CAD (Round Trip)

I once thought the hard copy or electronic CAD file in my records was the original drawing. If emailed to a client, it turns out this notion would not hold up in the court of law. Drawings that are emailed are sent to the cloud, a cluster of computers, and move from computer to computer before they reach the end user. At any point along the trip, the drawing can be changed, and the point of this example is verifiable, repeatable evidence the drawing has not changed. The end user expects they hold an exact copy of the original CAD file. How do you know they have the same file as the one you sent as the email attachment? Well, it turns out you have a few methods to solve this dilemma. A sign your drawing with a Digital Certificate, or Password Protect with Hash comparison will be discussed here.

I sign my drawings with a Digital Certificate, which has a digital fingerprint unique to me and my personal email address. If the drawing changed and emailed back to me, I will be able to verify the drawing has changed. This process is done for me and is built into AutoCAD. The other method (Password Protect) requires more than a Password to verify your drawing. Since passwords may be compromised, there needs to be a secondary method to verify the state of the drawing.  Before sending the drawing to your client, use a Hash Algorithm software like in AEC Signature will record the hash code of the drawing in a separate text file. Remember, when using  any Hash Algorithm software, the CAD drawing must be closed, or at a minimum, the software must copy the drawing to a temporary directory(to allow full read) to return an accurate hash value.

In summary, you can use a Digital Certificate to verify the round trip state of your drawing. This is common practice with other file types. The second method would be use a password to protect the document along with the hash code of the document stored in a safe place before you send the files to your client.


Protect CAD Documents

With Autodesk products, there are two methods used for protecting a drawing. Digital Certificate or Password Protect you document. We will give you a short description of each and describe how a Hash Code can help determine if a drawing is valid.

Digital Certificates

You may purchase a standard (Person Not Validated) Certificate from Verisign for $20USD. This validates the user by email only. Other more strict certificates will call and verify the business information. Once you have downloaded a certificate, it will have a Private Key that you will choose when creating the certificate. To install this certificate with a Private Key (PK), you will be prompted to enter it to install on your local machine. If you only need the Public Certificate (Without PK), you can export this with Internet Explorer, under Certificates. You may distribute the Public Key to any user along with your CAD file that has been signed with your installed PK Certificate. If you do not send the Public Key Certificate for the user to install, they will not see the drawing is Valid Signature Dialog Box.

To use a Digital Certificate, do the following steps:

1. Purchase a Digital Certificate; You will create a PK, which is stored inside the Certificate.

2. Install the Digital Certificate on your local machine for strong PK signing of CAD drawings.

3 Either you the Autodesk Certificate dialog under “Security Options” or use AEC Signature to sign your drawing.

4. Distribute your Public Key Certificate (Must be Exported. ). This does not have a Password attached, so the user can click to install.

As a result, the end user can’t change the certificate on the drawing, but will be notified if they change it on their end.

Password Protect

Under Security Options in AutoCAD, select Password Protect Document, and enter your password. This will force the user to enter a password to open the drawing. Note, you CANNOT use Certificates and Password Protect at the same time. It’s either or! With AEC Signature, you can password protect the document and generate a report.

Hash Code

Hashes, Checksums or Cyclic Redundancy Checks (CRC) are used on CLOSED files with read access to generate a hash code to compare with the original file to determine if there have been any changes. If the codes are not equal, then the file has changed. AEC Signature uses the following hash algorithms: MD5, SHA1, SHA256, SHA384, SHA512.

If you have an open CAD file, the file access is partially locked, so hash software cannot complete the read. That is why we write out a copy of your drawing in AEC Signature. We can then perform a read to generate a public key report.


AEC Signature 2013 Road Map

In 2012 version, we incorporated the Professional Reports, Time Tracking, and a new UI look, which we will keep as we move forward.In this version of AEC Signature 2013, we hope to include several enhancements listed below.

1. The ability to insert a Bar Code and QR Code Block into your drawing.

2. Professional Seal Maker. Make a conforming seal that works with the software automatically.

3. Future work that will override and augment the security settings in the Autocad file. These will support Military Classifications of Security with CAD drawings. More on this as these features are implemented.

4. Object Export Filters. The ability to export only selected drawing features.  More on this as these features are implemented.

We will always keep the AEC Signature software FREE to Autodesk users. However, the high level granularity security settings will not be included with the FREE version. There will be a vetting process, which may take up to an year. After that, these are Commercial and Military grade settings, and ,if needed, will be an additional purchase to activate the base software. then may justify the cost of a purchased license.

Keep checking this site on the progress of these changes. You will be able to download these directly from our site, and only replace the dll’s in the folders. Since there are no licensing restrictions, the updates will be an easy transition.

AEC Signature 2013 for AutoCAD

AEC Signature® 2013 for AutoCAD and its vertical products is available online. A few of the compatible products are as follows: Civil 3D, Map 3D, and others. to view similar products.

AEC Signature has been Trademarked

The mark identified above has been published in the Trademark Official Gazette (TMOG) on Oct 23, 2012.

To View the Mark in the TMOG:

Click on the following link or paste the URL into an internet browser: