Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Digital Signatures ?

  1. Aug 13, 2008 #1
    Digital Signatures ??

    What exactly happens to a file when a digital signature is executed? I am interested in how this is authenticated for both text and image files.
     
  2. jcsd
  3. Aug 13, 2008 #2

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    Re: Digital Signatures ??

    The file is unchanged, a number is calculated from the contents of the file and your secret key. If the number produces a valid result when calculated with your public key then the signatuere is proved and the file was unaltered.

    http://en.wikipedia.org/wiki/Digital_signature
    The actual algorithm depends on which particular crypto system you are using. The important part is that the other person doesnt need anything secret form you to prove the signture
     
  4. Aug 14, 2008 #3
    Re: Digital Signatures ??

    Thanks mgb. I read the wiki article. I am writing C code for an application that will need to execute a digital signature on image files. Are there standard libraries or plug-ins for this sort of thing?
     
  5. Aug 14, 2008 #4

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    Re: Digital Signatures ??

    What exactly do you need to do with the image?
    If you just need to prove it wasn't altered then MD5 is the easiest, there are lots of free libs. If you need other people to be able to verify it then Windows includes the CryptoAPI (linux has a simialir set of functions).
    It's not exactly plug and play you do need to understand a little about the topic.

    A good alternative is just to sign the file with PGP (or better gnupg).
    Either way you will also have to generate a key pair and publish the public one - pgp/gnupg has good docs on how to do this.
     
  6. Aug 14, 2008 #5
    Re: Digital Signatures ??

    The image files are gif's. We need to be able to tell (1) that the gif was signed and (2) who signed it. I am not sure if it is preferable to alter the image in this process or just create some kind of log or companion file using the keys. If there are standards for this function out there I would like to adopt those standards.

    Since you said the image is not altered in this process, I am wondering about the log or companion files that record the signature. It seems a little messy to create a separate log file for each signed image. Is it common to create a dated log file for multiple signed images? Or a database, since there are muliple signers?
     
  7. Aug 14, 2008 #6

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    Re: Digital Signatures ??

    Signing the file simply generates a long number, which is normally written in hex like
    "d3c71afb8b88b1050067633cd8bcc4ca0bae696d", you then have to publish your public key.
    The receiver needs to check it with, this number, the unchanged file and the public key.
    GnuPG contains(GPL licenced) routines to do this.
    There are lots of other sets of ode out there, google have jut launchedone called Keyczar, although it doesnt support C++ yet.
     
  8. Aug 14, 2008 #7
    Re: Digital Signatures ??

    Thanks again mgb... I think I have plenty of sources to work with now.
     
  9. Aug 14, 2008 #8
    Re: Digital Signatures ??

    Is the goal to sign or to watermark the images? These are similar but not identical processes...
     
  10. Aug 14, 2008 #9
    Re: Digital Signatures ??

    To sign. However, the images are not being sent to a recipient, they are just being archived. The purpose is just to document that the image has been viewed, the time and date, and by whom.
     
  11. Aug 15, 2008 #10
    Re: Digital Signatures ??

    Are you planning to store the signatures as metadata in the image file, or in a separate database?
     
  12. Aug 16, 2008 #11
    Re: Digital Signatures ??

    I am leaning towards the separate database, but would listen to opinions on the pros and cons of both approaches.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Digital Signatures ?
  1. Auto-update signature (Replies: 1)

  2. Digital sampling (Replies: 2)

  3. Digital Networks (Replies: 2)

Loading...