开发者

Integrity and Authenticity

开发者 https://www.devze.com 2022-12-14 20:50 出处:网络
Sorry to keep asking so many questions, but you guys always seem to be so nice and helpful... I need to do some application t开发者_JAVA技巧hat imports data from a file. For instance, user selects on

Sorry to keep asking so many questions, but you guys always seem to be so nice and helpful...

I need to do some application t开发者_JAVA技巧hat imports data from a file. For instance, user selects one file and the application imports some data to database.

But I've been thinking, and this kind of app leads to a problem of integrity and authenticity of files. If a user changes the file the application is not allowed to use that information. And if one file is not from a source well known, the application can't use that file.

How do I do this kind of thing?

P.S.: I'm using C#.NET


Authentication and integrity are provided by digital signatures.

Follow driis' advice if you control the file format.

Alternately, if the file is XML, use an XML Signature.

Using C#/.NET:

  • Sign XML Documents
  • Verify the Digital Signatures of XML Documents


If you can control the source file format, you can embed a digital signature. If you base the signature on a hash of the file contents, then you can be sure that the file comes from a trusted source, and that is has not been tampered with.


It depends on how strong you want this protection.

For example, you can have an xml file (for human readability) which has a hash node somewhere which contains the hash of the original file (+salt). This can be updated by the program, but the user can have a harder time figuring out what that key means. When the program opens the file, it calculates the hash and checks if it's the same as the one written in the file.

You can even take one step further and use digital signatures, but that's way more complicated.

0

精彩评论

暂无评论...
验证码 换一张
取 消