Re: signing small pieces of data
From: Dimitris Papadimitriou (nospam_at_nospam.com)
Date: 03/25/04
- Previous message: Jonathan Ruckert: "RE: How do I keep a FormsAuthenticationTicket up to date ?"
- In reply to: Michel Gallant: "Re: signing small pieces of data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Mar 2004 11:50:44 +0200
Nice one! This is the first signed message I receive!
I wanted your opinion on the way I decided to sign database records:
converting the sql server record into XML, signing it and saving it with the
record it self in the database. This way, users reading the record can
validate the signature and be sure of the identity of the user created the
record.
for instance, consider the following table:
itemID (int), itemDescription (varchar 30), quantity (small int), dateAdded
(datetime), signature (varchar 128)
and the following data:
234 - "my item description" - 3 - 2004/2/25
the XML created it the following:
<record>
<id>234</id>
<itemDescription>my item description</itemDescription>
<quantity>3</quantity>
<dateAdded>2004/2/25</dateAdded>
</record>
Using this XML, I create it's hash digest, sign it with the private key of
the user that saved the record and save the result to the 'signature'
column.
Does this seem as a proper way to sing a record, or have you heard of a
better one?
thx once more!
Dimitris
ps. unfortunately I don't have a key pair to sing the message... yet! :)
- Previous message: Jonathan Ruckert: "RE: How do I keep a FormsAuthenticationTicket up to date ?"
- In reply to: Michel Gallant: "Re: signing small pieces of data"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
