Digital Signatures: How Files are Authenticated

  • Thread starter sysreset
  • Start date
  • Tags
    Digital
In summary, a digital signature is a means of proving that a file has not been altered. A digital signature is created by calculating a number from the contents of the file, and using a secret key shared by the signer and the recipient. The algorithm depends on the particular crypto system being used, but the important part is that the other person doesn't need anything secret form you to prove the signature. If you just need to prove it wasn't altered, then MD5 is the easiest, there are lots of free libs. If you need other people to be able to verify it, then Windows includes the CryptoAPI (linux has a similar set of functions).
  • #1
sysreset
139
0
Digital Signatures ??

What exactly happens to a file when a digital signature is executed? I am interested in how this is authenticated for both text and image files.
 
Computer science news on Phys.org
  • #2


The file is unchanged, a number is calculated from the contents of the file and your secret key. If the number produces a valid result when calculated with your public key then the signatuere is proved and the file was unaltered.

http://en.wikipedia.org/wiki/Digital_signature
The actual algorithm depends on which particular crypto system you are using. The important part is that the other person doesn't need anything secret form you to prove the signture
 
  • #3


Thanks mgb. I read the wiki article. I am writing C code for an application that will need to execute a digital signature on image files. Are there standard libraries or plug-ins for this sort of thing?
 
  • #4


What exactly do you need to do with the image?
If you just need to prove it wasn't altered then MD5 is the easiest, there are lots of free libs. If you need other people to be able to verify it then Windows includes the CryptoAPI (linux has a simialir set of functions).
It's not exactly plug and play you do need to understand a little about the topic.

A good alternative is just to sign the file with PGP (or better gnupg).
Either way you will also have to generate a key pair and publish the public one - pgp/gnupg has good docs on how to do this.
 
  • #5


The image files are gif's. We need to be able to tell (1) that the gif was signed and (2) who signed it. I am not sure if it is preferable to alter the image in this process or just create some kind of log or companion file using the keys. If there are standards for this function out there I would like to adopt those standards.

Since you said the image is not altered in this process, I am wondering about the log or companion files that record the signature. It seems a little messy to create a separate log file for each signed image. Is it common to create a dated log file for multiple signed images? Or a database, since there are muliple signers?
 
  • #6


Signing the file simply generates a long number, which is normally written in hex like
"d3c71afb8b88b1050067633cd8bcc4ca0bae696d", you then have to publish your public key.
The receiver needs to check it with, this number, the unchanged file and the public key.
GnuPG contains(GPL licenced) routines to do this.
There are lots of other sets of ode out there, google have jut launchedone called Keyczar, although it doesn't support C++ yet.
 
  • #7


Thanks again mgb... I think I have plenty of sources to work with now.
 
  • #8


Is the goal to sign or to watermark the images? These are similar but not identical processes...
 
  • #9


To sign. However, the images are not being sent to a recipient, they are just being archived. The purpose is just to document that the image has been viewed, the time and date, and by whom.
 
  • #10


Are you planning to store the signatures as metadata in the image file, or in a separate database?
 
  • #11


I am leaning towards the separate database, but would listen to opinions on the pros and cons of both approaches.
 

Related to Digital Signatures: How Files are Authenticated

1. What is a digital signature?

A digital signature is a type of electronic signature that is used to verify the authenticity and integrity of a digital document or file. It is created using a mathematical algorithm that generates a unique code, known as a hash, based on the contents of the file. This code is then encrypted using the sender's private key, which can only be decrypted using their public key. The resulting digital signature serves as a unique identifier for the file and can be used to verify that it has not been tampered with since it was signed.

2. How do digital signatures work?

Digital signatures work by using a combination of public key cryptography and hash functions. The sender uses their private key to encrypt the hash of the file, creating a unique digital signature. The recipient can then use the sender's public key to decrypt the signature and compare it to the hash of the received file. If the two match, it means that the file has not been altered since it was signed and can be trusted.

3. What is the difference between a digital signature and an electronic signature?

A digital signature is a specific type of electronic signature that is based on cryptographic techniques to ensure the authenticity and integrity of a digital document. An electronic signature, on the other hand, is a broad term that refers to any type of signature that is created and transmitted electronically, including a digital signature. Electronic signatures can also include things like a scanned image of a handwritten signature or a typed name at the end of an email.

4. Are digital signatures legally binding?

Yes, digital signatures are legally binding in most countries around the world. The United States, European Union, and many other countries have enacted laws and regulations that recognize the legal validity of digital signatures. However, it is important to note that not all electronic signatures are considered legally binding, so it is important to ensure that the digital signature meets all legal requirements in the relevant jurisdiction.

5. Can digital signatures be forged?

Digital signatures are designed to be extremely difficult to forge. The use of public key cryptography and hash functions makes it nearly impossible for someone to create a fake digital signature that will match the hash of a legitimate file. However, it is not completely impossible, so it is important to take proper precautions when using digital signatures to ensure their security and validity.

Similar threads

Insights Digital Filtering and Exact Reconstruction of Digital Audio
    • Computing and Technology
Replies
0
Views
3K
Steganographic Data File Searches
    • Computing and Technology
Replies
15
Views
1K
Optimizing a digital assistant to behave how I want it to?
    • Computing and Technology
Replies
5
Views
1K
I Preventing specific cases of digital signature forgery and repudiation
    • General Math
Replies
14
Views
1K
Troubleshooting CMD: Issue with Running .exe Files Using PATH
    • Computing and Technology
Replies
19
Views
2K
Compressing PDF documents to oblivion
    • Computing and Technology
Replies
10
Views
1K
Analog to digital signal converter in digital cameras
    • Computing and Technology
Replies
5
Views
1K
Adobe Digital Editions takeover of pdf files
    • Computing and Technology
Replies
2
Views
2K
Optimizing Round-Off Accuracy in Source Spectrum Calculations
    • Computing and Technology
Replies
1
Views
1K
Enforce the use of different sets of characters for passwords?
    • Computing and Technology
Replies
12
Views
715

Hot Threads

Recent Insights

Back
Top