Digital Signatures: How Files are Authenticated

  • Thread starter: sysreset
  • Tags: Digital

Discussion Overview

The discussion revolves around the process and implications of digital signatures, particularly in the context of authenticating text and image files. Participants explore technical aspects, implementation in C code, and considerations for managing signed image files.

Discussion Character

  • Technical explanation
  • Exploratory
  • Debate/contested

Main Points Raised

  • Some participants explain that a digital signature involves calculating a number from the file's contents and a secret key, which can be verified using a public key.
  • There is mention of various cryptographic systems and algorithms that can be used for digital signatures, with an emphasis on the importance of not needing to share secret information for verification.
  • One participant inquires about standard libraries or plugins for implementing digital signatures in C code for image files.
  • Another participant suggests using MD5 for proving file integrity and mentions available libraries, as well as the CryptoAPI for Windows and similar functions in Linux.
  • There is a discussion about whether to alter the image file during the signing process or to create a separate log or companion file to record the signature.
  • Participants discuss the practicality of creating separate log files for each signed image versus maintaining a dated log file or database for multiple signed images.
  • One participant clarifies that the goal is to sign the images for archival purposes, documenting who viewed the image and when.
  • There is a question regarding whether to store signatures as metadata within the image file or in a separate database, with interest in the pros and cons of each approach.

Areas of Agreement / Disagreement

Participants express various viewpoints on the implementation of digital signatures and the management of signed image files, indicating that multiple competing views remain regarding the best practices and methods for achieving the desired outcomes.

Contextual Notes

Participants have not reached a consensus on the best approach for managing digital signatures and the associated data, highlighting the complexity and variability of the topic.

sysreset
Digital Signatures ??

What exactly happens to a file when a digital signature is executed? I am interested in how this is authenticated for both text and image files.
 


The file is unchanged; a number is calculated from the contents of the file and your secret key. If the number produces a valid result when calculated with your public key then the signature is proved and the file was unaltered.

http://en.wikipedia.org/wiki/Digital_signature
The actual algorithm depends on which particular crypto system you are using. The important part is that the other person doesn't need anything secret from you to prove the signature.
 


Thanks mgb. I read the wiki article. I am writing C code for an application that will need to execute a digital signature on image files. Are there standard libraries or plug-ins for this sort of thing?
 


What exactly do you need to do with the image?
If you just need to prove it wasn't altered then MD5 is the easiest; there are lots of free libs. If you need other people to be able to verify it then Windows includes the CryptoAPI (Linux has a similar set of functions).
It's not exactly plug and play; you do need to understand a little about the topic.

A good alternative is just to sign the file with PGP (or better gnupg).
Either way you will also have to generate a key pair and publish the public one - pgp/gnupg has good docs on how to do this.
 


The image files are GIFs. We need to be able to tell (1) that the GIF was signed and (2) who signed it. I am not sure if it is preferable to alter the image in this process or just create some kind of log or companion file using the keys. If there are standards for this function out there I would like to adopt those standards.

Since you said the image is not altered in this process, I am wondering about the log or companion files that record the signature. It seems a little messy to create a separate log file for each signed image. Is it common to create a dated log file for multiple signed images? Or a database, since there are multiple signers?
 


Signing the file simply generates a long number, which is normally written in hex like
"d3c71afb8b88b1050067633cd8bcc4ca0bae696d"; you then have to publish your public key.
The receiver needs to check it with this number, the unchanged file and the public key.
GnuPG contains (GPL licensed) routines to do this.
There are lots of other sets of code out there; Google have just launched one called Keyczar, although it doesn't support C++ yet.
 


Thanks again mgb... I think I have plenty of sources to work with now.
 


Is the goal to sign or to watermark the images? These are similar but not identical processes...
 


To sign. However, the images are not being sent to a recipient, they are just being archived. The purpose is just to document that the image has been viewed, the time and date, and by whom.
 


Are you planning to store the signatures as metadata in the image file, or in a separate database?
 


I am leaning towards the separate database, but would listen to opinions on the pros and cons of both approaches.
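
As an added example (not code from any poster in this thread), here is the separate-database approach discussed above: one detached signature row per image, signer and time, computed from the file contents and a secret key and checked with only the public key, so the GIF itself is never altered. The textbook RSA keys built from publicly known Mersenne primes, the table layout, the file name and the signer names are assumptions for illustration only; a real archive would generate keys and sign with GnuPG or a platform crypto API.

```python
import hashlib
import json
import sqlite3

E = 65537  # public exponent used by both demo keys


def toy_keypair(p, q):
    """Textbook RSA from two known primes: returns (public n, secret d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # Python 3.8+


# Demonstration keys only (assumption): public Mersenne primes, no padding.
ALICE_N, ALICE_D = toy_keypair(2**521 - 1, 2**607 - 1)
BOB_N, BOB_D = toy_keypair(2**1279 - 1, 2**2203 - 1)
PUBLIC_KEYS = {"alice": ALICE_N, "bob": BOB_N}  # published, nothing secret


def digest(image, signer, when):
    """Hash the file contents together with who signed and when."""
    fields = json.dumps([hashlib.sha256(image).hexdigest(), signer, when])
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big")


def sign(db, name, image, signer, when, d):
    """Secret-key step: store a detached signature; the image is untouched."""
    sig = format(pow(digest(image, signer, when), d, PUBLIC_KEYS[signer]), "x")
    db.execute("INSERT INTO signatures VALUES (?, ?, ?, ?)",
               (name, signer, when, sig))


def check(db, name, image):
    """Public-key step: (signer, when, valid) for each record of this file."""
    rows = db.execute("SELECT signer, signed_at, sig FROM signatures "
                      "WHERE name = ? ORDER BY signed_at", (name,)).fetchall()
    return [(s, t, s in PUBLIC_KEYS
             and pow(int(sig, 16), E, PUBLIC_KEYS[s]) == digest(image, s, t))
            for s, t, sig in rows]


def demo():
    """Build an in-memory archive with two signers (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signatures (name, signer, signed_at, sig)")
    gif = b"GIF89a" + bytes(range(32))  # constructed bytes, not a real image
    sign(db, "scan-001.gif", gif, "alice", "2024-01-15T10:15:00Z", ALICE_D)
    sign(db, "scan-001.gif", gif, "bob", "2024-01-16T09:00:00Z", BOB_D)
    return db, gif
```

Calling `check(db, "scan-001.gif", gif)` on the result of `demo()` reports both records as valid; changing one byte of the image, or editing a row's signer or time in the table, makes the affected record report invalid.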
 
