ow would you create an application that enables a user to retrieve sensitive data from a database and secure it, preventing other users from tampering with it? The application would have the following feature requirements:
- The system must require the user to approve the data.
- The system must store proof that a specific user has read and approved the data.
Timestamps and passwords immediately come to mind, but are they the best solution for such strict data authentication requirements? Because Public Key Infrastructure (PKI) and Digital Signature technology commonly are used in security and privacy software for e-mail, you may not consider them as readilybut you should. PKI and Digital Signatures actually can fulfill the data requirements for your app quite well.
PKI is a framework for message protection and authentication that uses asymmetric encryption. Unlike symmetric encryption algorithms, in which the same key is used to both encrypt and decrypt data, an asymmetric algorithm generates a set of complimentary keys: one for encrypting data and the other for decrypting it. This eliminates the need to share the secret key and also removes the risk of someone intercepting it.
In this article, I will demonstrate how to utilize PKI and Digital Signatures in a sample application that enables users to digitally sign documents, keeping others from modifying them and allowing you to validate user data.