Velocity Reviews - Computer Hardware Reviews

Digital Signature Lifetime

 
 
Christian, 07-21-2003
Hi ng,

We're digitally signing documents, sending them to customers and
storing them in a DB. The documents' lifetime is several years (can
be 10 and more).

We're using SHA1/RSA with key strength of 2048.
Even though this key strength is regarded safe today, it won't be safe
in some years.

We need some mechanism to extend the lifetime of the signature. The
'lifetime extended' doc must be compatible with the customers'
documents (i.e. the new doc must contain the old signature to assure
that the customer did not tamper with the document).
One idea is to digitally re-sign the whole document with a new key of
appropriate key strength. This looks a bit clumsy as we have to do it
for all documents we signed once.

So any other ideas are very welcome!

Thx
Christian
 
Robin, 07-21-2003
"Christian" wrote in message:
> Hi ng,

Hi Christian,
>
> We're digitally signing documents, sending them to customers and
> storing them in a DB. The documents' lifetime is several years (can
> be 10 and more).
>
> We're using SHA1/RSA with key strength of 2048.
> Even though this key strength is regarded safe today, it won't be safe
> in some years.
>
> We need some mechanism to extend the lifetime of the signature. The
> 'lifetime extended' doc must be compatible with the customers'
> documents (i.e. the new doc must contain the old signature to assure
> that the customer did not tamper with the document).
> One idea is to digitally re-sign the whole document with a new key of
> appropriate key strength. This looks a bit clumsy as we have to do it
> for all documents we signed once.
>

I think you must re-sign the whole document. You could include the old
signature in the block of data that you are re-signing if you want, but as
you said the old signature can no longer be regarded as safe.
Don't forget that the signing operation only works on a hash of the data to
be signed, and that hash needs to be calculated to verify the signature
anyway, so if you're signing anything it may as well be the whole document
again.

> So any other ideas are very welcome!
>
> Thx
> Christian


Just my random neurons popping, of course.

Regards
Robin
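
The re-signing approach discussed in this thread (a new signature over the whole document plus the old signature), as an added example that is not part of either post. It assumes textbook RSA on constructed toy keys using only the Python standard library, and the helper names (`renew`, `verify_renewed`, `renewal_input`) are hypothetical; a real system would use a vetted library with proper padding and full-size keys.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    # Constructed toy key from two known Mersenne primes: insecure, demo only.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

OLD_KEY = make_key(2**89 - 1, 2**107 - 1)    # stands in for the ageing SHA1/RSA key
NEW_KEY = make_key(2**521 - 1, 2**607 - 1)   # stands in for the stronger renewal key

def _digest_int(hash_name, data):
    return int.from_bytes(hashlib.new(hash_name, data).digest(), "big")

def sign(key, hash_name, data):
    # Textbook hash-then-sign with no padding; real code needs PSS or PKCS#1 v1.5.
    return pow(_digest_int(hash_name, data), key["d"], key["n"])

def verify(key, hash_name, data, sig):
    return pow(sig, E, key["n"]) == _digest_int(hash_name, data)

def renewal_input(document, old_sig):
    # Length-prefix the document so bytes cannot shift between the two fields.
    sig_bytes = old_sig.to_bytes((old_sig.bit_length() + 7) // 8, "big")
    return len(document).to_bytes(8, "big") + document + sig_bytes

def renew(document, old_sig):
    # New signature covers the whole document AND the old signature.
    return sign(NEW_KEY, "sha256", renewal_input(document, old_sig))

def verify_renewed(document, old_sig, new_sig):
    # The customer's (document, old_sig) pair must match what was renewed.
    # Once the old key is weak, only the second check carries trust.
    return (verify(OLD_KEY, "sha1", document, old_sig)
            and verify(NEW_KEY, "sha256", renewal_input(document, old_sig), new_sig))

DOC = b"Invoice 0001: total 100.00 EUR"       # constructed sample document
OLD_SIG = sign(OLD_KEY, "sha1", DOC)          # what the customer received
NEW_SIG = renew(DOC, OLD_SIG)                 # stored in the DB at renewal time

# Simulate a later forgery by someone who has broken the old key.
FORGED_DOC = b"Invoice 0001: total 900.00 EUR"
FORGED_SIG = sign(OLD_KEY, "sha1", FORGED_DOC)

if __name__ == "__main__":
    print("genuine pair:", verify_renewed(DOC, OLD_SIG, NEW_SIG))
    print("forgery passes old check:", verify(OLD_KEY, "sha1", FORGED_DOC, FORGED_SIG))
    print("forgery passes renewal:", verify_renewed(FORGED_DOC, FORGED_SIG, NEW_SIG))
```

The renewal only helps if it is made while the old key and hash are still trusted, since it vouches for whatever old signature was presented at that time.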




 