Digital Signature Lifetime

Discussion in 'Computer Security' started by Christian, Jul 21, 2003.

  1. Christian

    Christian Guest

    Hi ng,

    We're digitally signing documents, sending them to customers and
    storing them in a DB. The documents' lifetime is several years (can
    be 10 and more).

    We're using SHA1/RSA with key strength of 2048.
    Even though this key strength is regarded safe today, it won't be safe
    in some years.

    We need some mechanism to extend the lifetime of the signature. The
    'lifetime extended' doc must be compatible with the customers'
    documents (i.e. the new doc must contain the old signature to assure
    that the customer did not tamper with the document).
    One idea is to digitally re-sign the whole document with a new key of
    appropriate key strength. This looks a bit clumsy as we have to do it
    for all documents we signed once.

    So any other ideas are very welcome!

    Thx
    Christian
    Christian, Jul 21, 2003
    #1

  2. Robin

    Robin Guest

    "Christian" <> wrote in message
    news:...
    > Hi ng,

    Hi Christian,
    >
    > We're digitally signing documents, sending them to customers and
    > storing them in a DB. The documents' lifetime is several years (can
    > be 10 and more).
    >
    > We're using SHA1/RSA with key strength of 2048.
    > Even though this key strength is regarded safe today, it won't be safe
    > in some years.
    >
    > We need some mechanism to extend the lifetime of the signature. The
    > 'lifetime extended' doc must be compatible with the customers'
    > documents (i.e. the new doc must contain the old signature to assure
    > that the customer did not tamper with the document).
    > One idea is to digitally re-sign the whole document with a new key of
    > appropriate key strength. This looks a bit clumsy as we have to do it
    > for all documents we signed once.
    >

    I think you must re-sign the whole document. You could include the old
    signature in the block of data that you are re-signing if you want, but as
    you said the old signature can no longer be regarded as safe.
    Don't forget that the signing operation only works on a hash of the data to
    be signed, and that hash needs to be calculated to verify the signature
    anyway, so if you're signing anything it may as well be the whole document
    again.

    > So any other ideas are very welcome!
    >
    > Thx
    > Christian


    Just my random neurons popping, of course.

    Regards
    Robin
    Robin, Jul 21, 2003
    #2
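
Robin's suggestion above (re-sign the whole document and include the old signature in the signed block), sketched in Go as an added example that is not part of the original thread. The `Renewed` container, the function names, the length-prefixed layout and the 3072-bit renewal key are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Renewed (hypothetical container): document, original signature, renewal signature.
type Renewed struct{ Doc, OldSig, NewSig []byte }
func NewKey(bits int) (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, bits) }
// renewalDigest: SHA-256 over the length-prefixed document followed by the old signature.
func renewalDigest(doc, oldSig []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%s", len(doc), doc, oldSig)
	return h.Sum(nil)
}

// SignOld is the scheme from the question: SHA-1 digest signed with RSA.
func SignOld(k *rsa.PrivateKey, doc []byte) ([]byte, error) {
	d := sha1.Sum(doc)
	return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA1, d[:])
}

// Renew signs document plus old signature with the stronger key and SHA-256.
func Renew(k *rsa.PrivateKey, doc, oldSig []byte) (Renewed, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, renewalDigest(doc, oldSig))
	return Renewed{doc, oldSig, sig}, err
}

// Verify checks the renewal, then that the old signature still matches the document.
func Verify(oldPub, newPub *rsa.PublicKey, r Renewed) error {
	if err := rsa.VerifyPKCS1v15(newPub, crypto.SHA256, renewalDigest(r.Doc, r.OldSig), r.NewSig); err != nil {
		return fmt.Errorf("renewal signature: %w", err)
	}
	d := sha1.Sum(r.Doc)
	return rsa.VerifyPKCS1v15(oldPub, crypto.SHA1, d[:], r.OldSig)
}

func main() {
	oldKey, _ := NewKey(2048) // errors ignored only to keep the demo short
	newKey, _ := NewKey(3072) // 3072 bits is an assumed "stronger" size
	doc := []byte("constructed sample document")
	oldSig, _ := SignOld(oldKey, doc)
	r, _ := Renew(newKey, doc, oldSig)
	fmt.Println("verify error:", Verify(&oldKey.PublicKey, &newKey.PublicKey, r))
}
```

A renewal of this kind only carries weight if it is made while the old SHA-1/RSA-2048 signature is still considered sound, since afterwards the old signature could itself have been forged before being wrapped.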