Digital Signatures: How Files are Authenticated

  • Thread starter Thread starter sysreset
  • Start date Start date
  • Tags Tags
    Digital
AI Thread Summary
Digital signatures authenticate files by generating a unique hash based on the file's contents and a secret key, allowing verification through a public key. The file remains unchanged, and various algorithms can be used depending on the cryptographic system. For image files, standard libraries like CryptoAPI on Windows or GnuPG can facilitate this process. While creating separate log files for each signed image is common, using a database for multiple signers may be more efficient. The discussion emphasizes the importance of documenting image access without altering the original files, focusing on signing rather than watermarking.
sysreset
Messages
137
Reaction score
0
Digital Signatures ??

What exactly happens to a file when a digital signature is executed? I am interested in how this is authenticated for both text and image files.
 
Computer science news on Phys.org


The file is unchanged, a number is calculated from the contents of the file and your secret key. If the number produces a valid result when calculated with your public key then the signatuere is proved and the file was unaltered.

http://en.wikipedia.org/wiki/Digital_signature
The actual algorithm depends on which particular crypto system you are using. The important part is that the other person doesn't need anything secret form you to prove the signture
 


Thanks mgb. I read the wiki article. I am writing C code for an application that will need to execute a digital signature on image files. Are there standard libraries or plug-ins for this sort of thing?
 


What exactly do you need to do with the image?
If you just need to prove it wasn't altered then MD5 is the easiest, there are lots of free libs. If you need other people to be able to verify it then Windows includes the CryptoAPI (linux has a simialir set of functions).
It's not exactly plug and play you do need to understand a little about the topic.

A good alternative is just to sign the file with PGP (or better gnupg).
Either way you will also have to generate a key pair and publish the public one - pgp/gnupg has good docs on how to do this.
 


The image files are gif's. We need to be able to tell (1) that the gif was signed and (2) who signed it. I am not sure if it is preferable to alter the image in this process or just create some kind of log or companion file using the keys. If there are standards for this function out there I would like to adopt those standards.

Since you said the image is not altered in this process, I am wondering about the log or companion files that record the signature. It seems a little messy to create a separate log file for each signed image. Is it common to create a dated log file for multiple signed images? Or a database, since there are muliple signers?
 


Signing the file simply generates a long number, which is normally written in hex like
"d3c71afb8b88b1050067633cd8bcc4ca0bae696d", you then have to publish your public key.
The receiver needs to check it with, this number, the unchanged file and the public key.
GnuPG contains(GPL licenced) routines to do this.
There are lots of other sets of ode out there, google have jut launchedone called Keyczar, although it doesn't support C++ yet.
 


Thanks again mgb... I think I have plenty of sources to work with now.
 


Is the goal to sign or to watermark the images? These are similar but not identical processes...
 


To sign. However, the images are not being sent to a recipient, they are just being archived. The purpose is just to document that the image has been viewed, the time and date, and by whom.
 
  • #10


Are you planning to store the signatures as metadata in the image file, or in a separate database?
 
  • #11


I am leaning towards the separate database, but would listen to opinions on the pros and cons of both approaches.
 

Similar threads

How can you trade non integer values of Bitcoin?
Replies
5
Views
2K
Insights Digital Filtering and Exact Reconstruction of Digital Audio
Replies
0
Views
4K
Steganographic Data File Searches
Replies
15
Views
2K
Optimizing a digital assistant to behave how I want it to?
Replies
5
Views
2K
I Preventing specific cases of digital signature forgery and repudiation
Replies
14
Views
2K
Adobe Digital Editions takeover of pdf files
Replies
2
Views
2K
Troubleshooting CMD: Issue with Running .exe Files Using PATH
Replies
19
Views
4K
Compressing PDF documents to oblivion
Replies
10
Views
2K
Seeing a mobile phone screen remotely
Replies
3
Views
2K
Optimizing Round-Off Accuracy in Source Spectrum Calculations
Replies
1
Views
1K

Hot Threads

Recent Insights

Back
Top