1

I'm working on a LAMP environment (Linux-Apache-MySQL-PHP) and I need to sign documents (PDF, but maybe in a future, I'll use other formats so I'm interested in a general answer).

These documents are uploaded by the admin users, signed (internal process, transparent to admin) and the client users could download the files anywhere, anytime using any web browser.

We need to sign these documents so neither the admin users or the clients may claim the files were modified. The idea is to ensure that the document the admin uploaded in a given date is the document that the client downloaded in a later date without any tamper.

How do I enforce non-repudiation given these constraints?

Ivan
  • 525

1 Answers1

2

The easiest way to enforce these guarantees is using PKI.

PDFs allow signatures, but to enforce non-repudiation you need to have certificates for each person and some central way to manage them.

You could use a truly public key infrastructure where you purchase certificates from e.g. VeriSign or another root CA (certificate authority) for each user, but that can be expensive.

Depending on the size of your organization and the clients involved, you may be able to run your own CA making the cost of issuing certificates zero. However, this would be cumbersome if you have a lot of external clients.

Running your own CA, at a very high level, means you have one root certificate that is self-signed and installed on client machines (this is similar to the certificates installed in your web browser so you can validate e.g. that your bank's web site is who they say it is). You then sign each individual certificate using that root certificate. Clients can validate signatures by checking the signature matches the client certificate, and validating the client certificate against the root certificate.