How to add digital signature (RSA, Certificate, etc) to any of file, using PHP?

Question

I need to know if any kind of file can be signed digitally, using RSA, a certificate, and that stuff, or if only certain kind of files can be signed. All this, using PHP.

In example: Can a plain text file be signed digitally?, What about images (png, jpeg, bmp)?

I don't need to "attach" an image with a graphic signature.

Thank you for your help.

Answer 1

Re: can any kind of file be signed digitally, using RSA, a certificate, and that stuff, or if only certain kind of files can be signed?

A: Yes and no. On the one hand, a standard digital signature can be computed for any bundle of bits, including a plain text file, image files, binary files, anything you can imagine.

But then the questions become:

1. How do you associate the digital signature (which is itself a binary run of bits) with the data file? Does the data file format allow for appending the digital signature to the data? Or do you need to manage the digital signature yourself, perhaps as a separate file, perhaps using your own invented data format?

2. Once you have the digitally signed data and its signature, how does a recipient verify the data and its signature to assure the recipient of who signed the data (identity) and that the data has not been changed since it was signed (integrity)?

File formats that support digital signatures

The big advantage of file formats that intrinsically support digital signatures is that recipients can verify the digital signature and the file's integrity simply by receiving the signed file and then using their own verification software. The recipient does not need to install anything from the sender.

There are many capable file formats that support digital signatures. Eg, pdf, Word .doc, .docx. Excel .xls, .xlsx. There is a standard for signing xml files. Its benefit is that xml can be used as an envelope for any type of data. For example, a pdf file can be digitally signed and sent to someone. The recipient can then use the standard/free Adobe Reader to open the pdf and verify its digital signature(s).

The "format" for plain text files (file filled with characters) does not support digital signatures. So you'd need an envelope for the text and its digital signature or deal with the digital signature separately. In any case, the recipient would need your software to verify the data. (Or would need to write his own after you provide a specification for the plain text and the signature.)

S/MIME offers a standard way of digitally signing text or other email/mime organized data. See rfc 5751. But it is not widely used beyond email agents that can generate or receive/verify signed email messages. Outlook does support this.