digital signature - transmitting excel file when user make minor changes result in different signature.

Question

I have an application that converts specific excel files to XML and transmit it to another application. One of the requirement in the transmission is to have a unique-number tag (REFNUM) in the XML. The reason for this is to avoid multiple transmissions of the same file.

My intuitive approach for this is to create a digital signature of the file (MD5/SHA) and embed the signature in the REFNUM tag (after converting the hex to decimal).

Problem is that sometimes a user can simply make a minor change such as resizing one of the column and that creates a completely different signature. So from systen point of view this is a new file that has never been transmitted.

Question: how can I avoid it or maybe digital signature is not the right solution? Thanks!

Answer 1

Don't use a cryptographic hash / digital signature for this. They're designed so that a single bit change anywhere in the file will generate a completely different hash/signature. Other options would be a simple serial counter, incremented for each "significant" change (but how to determine that is unclear), or maybe a timestamp (maybe combined with additional info about the author or system), or something along the lines of a UUID, or maybe even just a random number (choose a large enough range that your chance of collisions is sufficiently low, though).