stackoom
  简体   繁体   中英

How to add digital signature (RSA, Certificate, etc) to any of file, using PHP?

 原文  2012-05-02 04:00:06       php/ file/ rsa/ digital-signature

Question

I need to know if any kind of file can be signed digitally, using RSA, a certificate, and that stuff, or if only certain kind of files can be signed. All this, using PHP.

In example: Can a plain text file be signed digitally?, What about images (png, jpeg, bmp)?

I don't need to "attach" an image with a graphic signature.

Thank you for your help.

3 answers

solution1
 12  2013-03-28 13:18:21

Re: can any kind of file be signed digitally, using RSA, a certificate, and that stuff, or if only certain kind of files can be signed?

A: Yes and no. On the one hand, a standard digital signature can be computed for any bundle of bits, including a plain text file, image files, binary files, anything you can imagine.

But then the questions become:

  1. How do you associate the digital signature (which is itself a binary run of bits) with the data file? Does the data file format allow for appending the digital signature to the data? Or do you need to manage the digital signature yourself, perhaps as a separate file, perhaps using your own invented data format?

  2. Once you have the digitally signed data and its signature, how does a recipient verify the data and its signature to assure the recipient of who signed the data (identity) and that the data has not been changed since it was signed (integrity)?

File formats that support digital signatures

The big advantage of file formats that intrinsically support digital signatures is that recipients can verify the digital signature and the file's integrity simply by receiving the signed file and then using their own verification software. The recipient does not need to install anything from the sender.

There are many capable file formats that support digital signatures. Eg, pdf, Word .doc, .docx. Excel .xls, .xlsx. There is a standard for signing xml files . Its benefit is that xml can be used as an envelope for any type of data. For example, a pdf file can be digitally signed and sent to someone. The recipient can then use the standard/free Adobe Reader to open the pdf and verify its digital signature(s).

The "format" for plain text files (file filled with characters) does not support digital signatures. So you'd need an envelope for the text and its digital signature or deal with the digital signature separately. In any case, the recipient would need your software to verify the data. (Or would need to write his own after you provide a specification for the plain text and the signature.)

S/MIME offers a standard way of digitally signing text or other email/mime organized data. See rfc 5751 . But it is not widely used beyond email agents that can generate or receive/verify signed email messages. Outlook does support this.

solution2
 8 ACCPTED  2012-05-03 17:57:08

Using phpseclib, a pure PHP RSA implementation (updated here ): 

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
extract($rsa->createKey());

$plaintext = 'terrafrost';

$rsa->loadKey($privatekey);
$signature = $rsa->sign($plaintext);

$rsa->loadKey($publickey);
echo $rsa->verify($plaintext, $signature) ? 'verified' : 'unverified';
?>

The analog to that with the CLI openssl is as follows: 

openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out signature.txt -sign privatekey.txt plaintext.txt 
openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -prverify privatekey.txt -signature signature.txt plaintext.txt

solution3
 1  2012-05-02 05:08:43

Why do you want to digitally sign these different files?

There is no standard for actually altering text files or images so that the files themselves contain some sort of digital signature.

If you want to assure users that files have not been tampered with you can give them an MD5 hash of the file. They can use free tools to check the MD5 hash of a file they downloaded and compare it to the one you've given to make sure their file was not altered. This would typically be used for software/binary packages that a third party could insert malicious code into.

Another possibility is that you want users to be able to verify the authenticity of certain files. In this case a user might want to be certain that a text file or image came from YOU specifically. This functions almost like getting an MD5 hash of a file with a private key known only to you so that the end user can compare the file signature to your public key to ensure the file has not been tampered with and is coming from a specific source. PGP (pretty good privacy) provides a framework for this.

I suggest you check out the PGP intro documents for more information on this. http://www.pgpi.org/doc/pgpintro/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PhpSpreadsheet - Can I add digital signature to xls file in PHP? Verify digital signature using php Sign digital signature using PHP How to generate Digital Signature using .PFX file and append it to an existing PDF document using PHP? How to add digital signature to pdf How to implement Digital Signature in PHP How do I get a digital signature from a document using PHP How to add digital signature in a pdf having a digital sign on it already with tcpdf in php PHP - Read Digital Signature of an Executable and verify Author, How can I validate digital signatures of an Executable using PHP How to create a digital certificate and export to .p12 file in PHP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM