Hari krishnan

Reputation: 2108

PHP creation of signature

I am thinking of a way to create digital signatures. I need this because some files need to be signed, like certificates, by an authorized user, and the receiving user must see it is from an authorized user, and also in case of disputes the issuing user must verify it is his file.

For that I am trying to upload an image with actual signature inside the image.

Question: Can I get unique values from the signature image?

I am thinking to get unique value from the image and then give to the openssl_sign with an encrypted form of unique values from the signature image as the private key.

By this the issuing user can sign and also verify the file is his. But the receiving user will require a key to open the file.

Question: Can I give a key to the user (a key that is only available to the receiving user) to open that encrypted file?

I have searched but had trouble finding these things. Please explain these things and please give a better idea if my logic is wrong.

Thanks

Upvotes: 1

Views: 1099

Answers (2)

Scott Arciszewski

Reputation: 34123

First, digital signature is a specific cryptography term. It's a form of public-key cryptography where you sign a message with your private key, and anyone can verify the signature with your public key.

A digital signature is NOT:

  • A cryptographic hash function, such as MD5 (although they utilize hash functions internally)
  • A digital equivalent to a traditional pen-and-paper signature

If you need a "digital" equivalent to a pen-and-paper signature for legal reasons, consult a lawyer. Throwing cryptography at a legal problem is scarcely a good move, especially since most law professionals don't even know what RSA stands for, let alone how it works.

If it turns out you just want a cryptographic digital signature, grab libsodium and use crypto_sign_detached(). It's way more secure than what PHP gives you natively (openssl_sign() is RSA + SHA1).

Upvotes: 5
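The detached-signature flow recommended in the answer above, as an added example that is not part of the original answer: it uses the `sodium_*` functions of PHP's bundled sodium extension (PHP 7.2+), and the document text, helper names (`signDocument`, `verifyDocument`) and issuer/receiver roles are constructed for illustration. The key pair comes from a random generator, not from an image, and the receiver needs only the issuer's public key to verify.

```php
<?php
declare(strict_types=1);

/** Issuer side (hypothetical helper): returns a 64-byte detached Ed25519 signature. */
function signDocument(string $bytes, string $secretKey): string
{
    return sodium_crypto_sign_detached($bytes, $secretKey);
}

/** Receiver side (hypothetical helper): needs only the issuer's public key. */
function verifyDocument(string $bytes, string $encodedSig, string $publicKey): bool
{
    try {
        $signature = sodium_base642bin($encodedSig, SODIUM_BASE64_VARIANT_ORIGINAL);
    } catch (SodiumException $e) {
        return false; // signature file is not valid base64
    }
    // libsodium throws on wrong lengths, so reject malformed input first.
    if (strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES
        || strlen($publicKey) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    return sodium_crypto_sign_verify_detached($signature, $bytes, $publicKey);
}

// Generated once per issuer from the system CSPRNG.
$keypair   = sodium_crypto_sign_keypair();
$secretKey = sodium_crypto_sign_secretkey($keypair); // stays with the issuer
$publicKey = sodium_crypto_sign_publickey($keypair); // published to receivers

// Constructed sample document; in practice this is file_get_contents() of the file.
$document = "Certificate of completion\nIssued to: Example Recipient\n";

// The signature travels next to the file, which itself stays readable (not encrypted).
$encodedSig = sodium_bin2base64(
    signDocument($document, $secretKey),
    SODIUM_BASE64_VARIANT_ORIGINAL
);

// Check the unmodified document, then a copy with one byte appended.
var_dump(verifyDocument($document, $encodedSig, $publicKey));
var_dump(verifyDocument($document . "x", $encodedSig, $publicKey));

// Wipe the secret key from memory once signing is finished.
sodium_memzero($secretKey);
```

Verification proves only that the holder of the secret key signed these exact bytes; tying that key to a named person is a key-distribution question outside this snippet.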

paulsm4

Reputation: 121871

I'm not sure exactly what you're asking, but here are a couple of comments/suggestions:

  1. A "digital signature" is one thing. An image of a handwritten signature is a completely different thing.

  2. If you wish, you can associate an image with a digital signature. This will involve creating a certificate. Here is a good discussion:

How to add digital signature (RSA, Certificate, etc) to any of file, using PHP?

  3. You can also use a certificate for "non-repudiation" - to guarantee the person uploading the image is in fact the person who made the image.

Upvotes: 2
