Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Digitally Sign files

How can I digitally sign/validate certain files such as (.Txt, . Doc, . Xls, .rpt).
1 Solution
Jacques Bourgeois (James Burger)PresidentCommented:
In order to sign a file, you need to add something to it. This thus changes the format of the file, and most of the time, software that usually reads that type of file cannot recorgnize it as valid and will generate an error or do strange things with it.

Sign a .txt file for instance, and what looks like garbage will show at the end of the file in Notepad. Most people will see it as garbage, but if they are bright enough, they will understand that this is a signature and will be able to simply copy it in any other text file. A signature that can be copied so easily is worthless. So, signing a .txt file is usually useless. In such cases however, if somebody wants to validate the file, you might want to send him the file as an attachment in a message. Good mail software such as Outlook have the option to send signed messages. In order to do so however, you need a certificate, a file that is used to sign the message.

This is different if the software that handles the type of file is designed to handle signed files. In case such as these, then each type of application has its own way of signing a file.

In Office for instance, you can sign a Word or Excel document with a certificate generated by SelfCert.exe, a tool that can be optionally be installed with Office. The signature will then be recognized when somebody tries to open the signed file. In .NET, there is a tool in the project's Properties window that enable you to sign an assembly as you compile it.

The certificate used for Office documents is not the same as the one used to sign a .NET application. You need both. And both have their own mechanism to sign the type of file it generates.

So there is not standardized way of signing a file.

And there is the question of the validity of the signature.

Since a certificate that you generated yourself with the Office SelfCert tool is created by you, and since it can easily be imitated, it has little valid use outside of your own environment. A company or bank that insists on a signature will usually not accept that type of signature.

Inside of a company, such a signature can be generated that is recognized everywhere in the company.

For distribution outside of the company, a good signatures needs to be generated by a third party, such as VeriSign, and you have to pay to obtain such a signature.
rflorencioAuthor Commented:
What was intended is validate if certain documents were modified. Although he was in an environment outside the company, this information would be important only to me.
But that meant nothing was added to the files to validate.
I honestly do not know if this is the right way, because I'm not very comfortable in this area.
How i intend to validate  many file extensions, which will be the best way to implement?

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now