up vote 0 down vote favorite

I am facing an impossible (?) problem but I'd like to find a solution that satisfies cryptographers and the users of my program.

My program is able to sign a 'project' (bunch of files). For that I invented an xml list format with relative file names, digests and hash algorithm. The whole xml file is signed using DSIG+XAdEs. Counter signing is possible. Everybody happy.

Now it turns out, some files do support signing + counter sign themselves (docx,Pdf). Customers want them to be twicely signed, too.

This tuns out to be a dilemma, since a inner signature can not be updated once there is an outer signature. But in order to counter sign I have to update it and screw the old hash.

What would be the usual solution for that problem?

i.e. Omit the Hash and require the signers+time stamps to be identical?

Required: Keep up the bunch of files (that belong together) character of the outer signature. So to say as a bracket.

share|improve this question
    
What do you mean by pdf and word signature? Is it a signature included by WORD / ADOBE or is it external? Maybe show to your client that mathematically, the project signature superseed the file signature. Or require the pdf/docx files to be always signed before makinga project signature. – Biv 4 hours ago
    
Are you looking for a solution which strictly keeps you current "outer signatures", or for a solution for future projects which will keep a to-be-created outer signature intact while enabling you to append an inner signature? – mat 4 hours ago
    
My solution uses the intrinsic signature features of pdf and the "package" format. Customers want to keep the outer signature intact while adding a second signature to the "inner" signatures of the individual files, where possible. Still some file types remain only secured by the bracket signature. – Robetto 2 hours ago

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.