Sign Files - Create Digital File Signatures (Digitally Sign Files). Generate Authentication Public-Private Key Pairs.

This section discusses the Sign Files functionality of the Authenticator module.
The Sign Files process generates a small file called a file signature (or just "signature") from the content of the file being signed, using a special private password called the Private Key (or Signature Key). For a detailed explanation of the principles of authentication and file signing, please review the Introduction to the Authenticator module.

To simplify the handling of the signed file and the signature, it is possible to append the signature to the signed file. The resulting file, however, needs to be marked in some manner as containing its own signature; otherwise it may be used together with the signature as a single file, which would be the same as if the file had been corrupted. If the signature is appended to the signed file, one needs to first detach the signature from the file, and only then verify the signature and use the file.

Depending on the procedure used to create it, a file signature exhibits different properties. There are two main types of signatures:
  • Signatures to confirm the integrity of the data and the origin of the file. This is the common use of the term file signature and is performed by the Sign Files functionality.
  • Signatures to confirm the integrity of the data only. These signatures are also known as hash codes and are performed by the Hash Files functionality. Hashes are produced without using a Private Key.

Operation

To sign files, you need to select the files and folders in the selected items control of the Sign Files functionality. Adding folders to the selection controls makes Act On File sign all files contained in the selected folders. If there are any shortcuts in the selected folders, they will be followed or ignored according to the selection in the Shortcuts combo-box. To sign the selected items you need to supply the Signature (private authentication) Key in the Private Key field. If you do not already have a signature key, or if you require a new one, you can click the "Generate New Key" button, which will open the "Generate New Key For Authentication" dialog where you can generate a new public-private key pair for authentication. Remember that private keys must be kept secret at all times! Once you supply the private authentication signature key, adjust the signature controls and the destination of the signatures and then click OK to start the process of signing.

The signatures are either deposited in the destination location or are appended to the signed file. When the signatures are appended to the signed file, the file is renamed and a new ".signed" extension is appended after the original file extension. When signatures are kept in separate files, the file signatures are called "[signed filename].[signed extension].signature".

Controls

  
Selection Controls
These controls are used to select and display the files and folders for the operation, and the signing (private authentication) key. In addition to the Add Files, Add Folders and Remove buttons, you can use the standard clipboard, drag and drop, and keyboard operations.
  • Shortcuts: Select the behavior of the functionality with respect to any shortcuts that might be present in the selected folders.
      • Target: Any shortcut located in a selected folder will be dereferenced and its target file or folder will be treated as if it were selected.
      • Ignore: Any shortcut located in a selected folder will be ignored.
  • Private Key: Select or enter the path to the Private Key that is to be used for creating the digital signatures of the selected files. Remember to keep Private Keys safe and secret until such a time as they are to be destroyed using True Delete.

Operation Controls
These controls are used to control the operation of the module and thus directly affect results.
  • Hash type: Select the hashing algorithm to be used to hash the data. In order to minimize and unify their size, digital signatures are produced on a hash of the raw data and not on the raw data itself.
      • SHA, U.S. DSA Secure Hash Algorithm: This algorithm generates a 160-bit hash value.
      • MD2, Message Digest: This algorithm generates a 128-bit hash value.
      • MD4, Message Digest: This algorithm generates a 128-bit hash value.
      • MD5, Message Digest: This algorithm generates a 128-bit hash value.
  • Flags: The signing function requires that the signed data has a size that is a multiple of a particular number. To adjust its size, the system will add padding when necessary.
      • PKCS#1: Use PKCS#1 padding.
      • X.931 + PKCS#7: Use X.931 + PKCS#7 padding.
  • Byte Order: The signature can be produced and exported in Big-Endian or Little-Endian byte order. The Byte Order is important when verifying signatures. Note that different platforms may have different byte orders, which can cause verification failures.
      • Big-Endian: Produce signatures in Big-Endian byte order.
      • Little-Endian: Produce signatures in Little-Endian byte order.
  • Set Defaults: A user-friendly button that sets the Operation Controls to a default selection of properties, in order to help users who might find the settings confusing.
  • Generate New Key: Select this button to invoke the dialog used to generate a new Public-Private Key pair for authentication, or the Public Key of an already existing Private Key for authentication.
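
The Hash type, Flags and Byte Order settings above all have to match at verification time. The following Python code is an added example, not Act On File's own code or file format: it hashes data with SHA-1, applies PKCS#1 v1.5 padding, signs with RSA, and shows a signature exported in one byte order failing to verify when read in the other. The use of RSA, the toy key and every function name are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, so the block runs
# offline with no key file. Never use a key like this for real signatures.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # signature length in bytes

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2). SHA-1 is used
# because it is the 160-bit option in the Hash type list.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def pkcs1_encode(data: bytes) -> bytes:
    """Hash the data, then pad the hash to the key size (PKCS#1 v1.5)."""
    t = SHA1_DIGESTINFO + hashlib.sha1(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(data: bytes, byte_order: str = "big") -> bytes:
    """Sign the padded hash and export the signature in the given byte order."""
    s = pow(int.from_bytes(pkcs1_encode(data), "big"), D, N)
    return s.to_bytes(K, byte_order)


def verify(data: bytes, sig: bytes, byte_order: str = "big") -> bool:
    """Verify a signature, reading its bytes in the stated byte order."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, byte_order)
    if s >= N:                          # not a valid signature representative
        return False
    # Re-encode and compare whole blocks instead of parsing the padding.
    return pow(s, E, N).to_bytes(K, "big") == pkcs1_encode(data)


def diagnose(data: bytes, sig: bytes) -> str:
    """Tell a byte-order mismatch apart from a genuinely bad signature."""
    for order in ("big", "little"):
        if verify(data, sig, order):
            return order
    return "invalid"


if __name__ == "__main__":
    doc = b"constructed sample file content\n"
    sig_le = sign(doc, "little")
    print(verify(doc, sig_le, "big"), diagnose(doc, sig_le), diagnose(doc + b"x", sig_le))
```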

Generate New Key For Authentication Dialog
Use this dialog to generate a new Public-Private Key pair for authentication, or the Public Key of an already existing Private Key for authentication.
  • Operation: Select whether to generate a new Public-Private Key pair, or only the Public Key of an already existing Private Key.
      • Generate New Private-Public Key Pair: Choose this option to make the functionality generate a new set of keys with the selected key length.
      • Produce Public Key From Private Key: Select this option when a Private Key already exists, and only its Public counterpart is required. Private Keys must always be kept safe and secret, while Public Keys are intended to be made public. The owner of the Private Key need not always keep a copy of the Public Key; instead they could keep only the Private Key, produce the Public Key at any time, and supply it to other parties as needed.
  • Length: Select the length of the key that will be generated. Smaller keys are easier to break than larger ones. However, the time it takes to generate and import larger keys also increases. It also takes more time to sign files using longer keys. At present, a key length of 2048 bits is considered strong. This option is only meaningful when generating a new Private-Public Key Pair.
  • Save private key as: Choose the path and filename for the newly generated Private Key. Remember that Private Keys must be kept safe and secret until such a time as they are to be destroyed using True Delete.
  • Save public key as: Choose the path and filename for the newly generated Public Key. Give the Public Key to any other party, so that they can authenticate information signed and sent by the owner of the Private Key. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.
  • Source private key: Select the Private Key for authentication whose Public counterpart will be produced. Remember that Private Keys must be kept safe and secret until such a time as they are to be destroyed using True Delete.
  • Produce public key: Choose the path and filename for the generated Public Key for authentication. Give the Public Key to any other party, so that they can authenticate information signed and sent by the owner of the Private Key. Public Keys must be supplied in a way that guarantees that the key belongs to its owner. We publish our Public Key on our website.
  • Use this private key to sign the selected files: Set this checkbox to copy the path of the selected Private Key into the Private Key selection control of the Sign Files functionality, to be used to sign the content of the selected files and folders.
  • On Top: Sets and clears the Always On Top flag on the owner Sign Files window. This checkbox adds or removes the window from the group of Top-most windows.
  • OK: Commits to work.
  • Cancel: Closes the dialog without doing any work and returns the control to its owner Sign Files dialog.

Destination Controls
These controls are used to direct the output location to where the module will place the signatures.
  • Destination: Select the output type and location.
      • Append to File: Each signature will be appended at the end of the signed file. The ".signed" extension will be added to the filename and will be the new filename extension.
      • Common Place: All produced signatures are stored in the target folder and are named "[signed filename].[signed extension].signature". Caution is required as signatures with matching names may overwrite each other.
      • Original Location: The signatures are deposited in the same folder where the signed file resides and are named "[signed filename].[signed extension].signature".
      • Reflecting Tree: The directory structure of the selected files and folders will be replicated under the selected target destination folder. Each file signature is named "[signed filename].[signed extension].signature" and is deposited in the newly created folder respective to the folder containing the signed file.
  • at folder: Select folder to be used for the "Common Place" and "Reflecting Tree" options.
  • Send email: Set this checkbox to request the module to start the default e-mail software installed on the machine and attach the signed files, or the source files and their signatures to a new e-mail message.
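
The Common Place caution can be checked before signing. The following Python code is an added example, not part of Act On File: it lists which selected files would produce the same signature name in one target folder, and shows the per-folder paths that a Reflecting Tree layout would give instead. The sample paths are constructed, and the case-insensitive comparison and the way the tree is rooted at the selected folder are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath


def signature_name(path: str) -> str:
    """'[signed filename].[signed extension].signature' for one source file."""
    return PureWindowsPath(path).name + ".signature"


def common_place_collisions(files):
    """Group source files whose signatures would share one name in the target folder."""
    by_name = defaultdict(list)
    for f in files:
        # Assumption: Windows file names compare case-insensitively.
        by_name[signature_name(f).lower()].append(f)
    return {name: srcs for name, srcs in by_name.items() if len(srcs) > 1}


def reflecting_tree_targets(files, selected_root, target):
    """Map each file to a signature path that keeps its folder below selected_root."""
    root, out = PureWindowsPath(selected_root), {}
    for f in files:
        rel = PureWindowsPath(f).relative_to(root)
        out[f] = str(PureWindowsPath(target) / rel.parent / signature_name(f))
    return out


# Constructed sample selection: two files with the same name in different folders.
SAMPLE = [
    r"C:\work\q1\report.pdf",
    r"C:\work\q2\Report.PDF",
    r"C:\work\q2\notes.txt",
]

if __name__ == "__main__":
    for name, sources in common_place_collisions(SAMPLE).items():
        print("would overwrite:", name, "<-", sources)
    for src, dst in reflecting_tree_targets(SAMPLE, r"C:\work", r"D:\sigs").items():
        print(src, "->", dst)
```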

Window Controls
These controls have generic meanings.
  • On Top: Sets and clears the Always On Top flag on the window. This checkbox adds or removes the window from the group of Top-most windows.
  • OK: Commits to work and creates the required signatures. Before work begins, an Import or Generate Signature Key(s) message will be displayed.
  • Cancel: Closes the window without doing any work. The last selected properties are stored.