tags:

views:

93

answers:

2
+1  Q: 

Must a secure cryptographic signature reside outside of the file it refers to?

I'm programming a pet project in Python, and it involves users A & B interacting over network, attempting to insure that each has a local copy of the same file from user C.

The idea is that C gives each a file that has been digitally signed. A & B trade the digital signatures they have, and check it out on their own copy. If the signature fails, then one of them has an incorrect/corrupt/modified version of the file.

The question is, therefore, can C distribute a single file that somehow includes it's own signature? Or does C need to supply the file and signature separately?

+4  A: 

If you have control over the file format, yes. Include the signature in a header before the content proper, and make the signature cover only the content section of the file, not the entire file. Something like:

SIGNATURE=72ba51288199b829a4b9ca2ac911e60c
BEGIN_CONTENTS
... real file contents here ...
Jason Creighton  2009-07-15 17:29:07
thanks for the sample.
hewhocutsdown  2009-07-15 18:26:40
+5  A: 

The digital signature from C alone should be enough for both A and B to confirm that their file is not corrupted, without ever communicating with eachother. If A and B did not receive a signature from C, they could each create a cryptographic hash of the file and compare the hash, but that does not require any digital signing on C's part.

If you want C to sign the file, either send the signature and the file seperately, or wrap them both in some sort of container, such as a zip file or home grown solution (e.g., the first line in the file represents the signature, the rest is the payload).

To answer your question literally, the signature doesn't have to be outside the file per se, but the part that is being signed cannot include the signature itself.

Matt Bridges  2009-07-15 17:31:27
That answers my question, I believe. There's not really a clean solution, as the file format in question is already a .zip file. Creating a .zip file with a custom header probably isn't a good idea, but neither is nested .zips, so perhaps separation is the way to go. Thank you.
hewhocutsdown  2009-07-15 18:25:31
The zip format supports arbitrary leading and trailing data. You could simply append or prepend the file's hash to the zipfile, and it'll still be a valid zip.
Nick Johnson  2009-07-16 09:01:12

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python