Re: signing small pieces of data

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 03/24/04


Date: Wed, 24 Mar 2004 15:33:42 -0500



"Dimitris Papadimitriou" <nospam@nospam.com> wrote in message
news:uHjxhudEEHA.3412@TK2MSFTNGP10.phx.gbl...
> Thx for your quick response Michel!

> Check this out: I want the end-user to be able to sign an entire record of
> an sql server table, so that other users can be sure that the data of this
> particular record was entered by him/her and that they haven't been altered
> ever since. After the end-user enters the data, my application creates an
> XML string of these data, then a hash digest of this XML, which is finally
> encrypted using the end-user's private key. The encrypted piece of data is
> attached to the initial record (for instance in a field created for this
> purpose in the table), creating a digitally signed database record!
>
> How do you find this idea? Would this be a proper way to digitally sign
> database records?

Well, this is exactly what I have done here :-). Of course no server is doing
the signing on my behalf .. I am in charge of the signing (is that what you meant?)
So, here the content above has been hashed (SHA1) and then built into a nice
PKCS#1 encryption block, with that hash stuffed into it along with algID etc.
and then signed with my private RSA key and returned to the (news) server.

I can't deny snipping out some of the original content now :-)
Cheers,
- Mitch
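
The scheme discussed in this thread (serialize the record to XML, hash it with SHA-1, wrap the hash and algID in a PKCS#1 block, apply the private RSA key) as an added example; it is not part of the original post or either poster's code. The key, the sample row and all function names are constructed for illustration, and the key is a toy built from two Mersenne primes.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed demo key (NOT secure): two Mersenne primes give a valid RSA
# modulus without shipping key-generation code. Real keys come from a keystore.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-1 (the "algID" in the post), RFC 8017 sec. 9.2.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def canonical_xml(record: dict) -> bytes:
    """Serialize a row deterministically: fixed element order, UTF-8."""
    row = ET.Element("record")
    for name in sorted(record):
        ET.SubElement(row, name).text = str(record[name])
    return ET.tostring(row, encoding="unicode").encode("utf-8")


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo || SHA-1(message), K bytes long."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_record(record: dict) -> bytes:
    em = int.from_bytes(emsa_pkcs1_v15(canonical_xml(record)), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify_record(record: dict, signature: bytes) -> bool:
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    # Re-encode and compare the whole block instead of parsing the padding.
    return recovered == emsa_pkcs1_v15(canonical_xml(record))


row = {"id": 42, "customer": "ACME", "amount": "199.00"}   # constructed sample row
sig = sign_record(row)
```

The signature only verifies if the verifier rebuilds exactly the same bytes from the stored row, which is why the serialization fixes the field order before hashing.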





