1

I have to implement a digital signature system into a software that create 3D projects. Several users work on the same project, on different elements of the object. I want each user (or group of users) to sign the part they worked on (as an xml in memory) and store the signature in the project files. And also for everyone to verify the signature, all this on the software without using signing software. My questions are:

  • Do I need a CA to provide a certificate to each user, or can each user use a self-signed cert (on a windows server)?
  • If there is an existing PKI, is there a way to use it for my addin?
  • Also, do I need to use an X.509 certificate knowing that it's not going to be checked by a browser?
Kristof U.
  • 1,263
  • 10
  • 17
RichardD
  • 11
  • 1
  • You need signing to *verify* who did what. If the users use a self signed certificate what's the point of signing? Anyone will be able to sign anything with anyone's name and no-one will be able to verify anything. As for PKI, Windows domains already have Certificate Services which allow the use of certificates in a domain, eg to encrypt files, sign documents, communications between domain computers etc. – Panagiotis Kanavos Apr 24 '18 at 13:36
  • What are you trying to do with digital signatures anyway? They are used to *validate* that some content was created by a specific author and wasn't altered. If you don't trust the author's certificate they become meaningless – Panagiotis Kanavos Apr 24 '18 at 13:38
  • What I meant was can a network admin sign the users certificates, or is it better to go for an external organism? – RichardD Apr 24 '18 at 15:04
  • You can always create a self-signed Root CA and/or Intermediary CA with openssl, keytool or KeystoreExplorer, and sign your user's CSRs to produce certificates that will be valid in your own business context. However, this also implies managing your CRL or OCSP responder, which might be a little overkill. – veebee Apr 25 '18 at 12:55
  • 1
    ... and define a signature policy for your company or project. – veebee Apr 25 '18 at 13:06
  • List of prices: https://stackoverflow.com/a/58559506/46207 – Gabriel Dec 29 '21 at 10:02

0 Answers0