Digital Signatures for Packages

Nov 19, 2012 at 3:33 PM

I was looking at the help and documentation to see if there was support for Digital Signatures of a generated ZIP.  We are looking to ensure the ZIP has not been tampered with. We were using this in the .NET System.IO.Packaging namespace.  I do not see any current support for digital signatures.  Just wanted to confirm that this was the case?

Thanks,
Zach

Apr 12, 2013 at 12:33 AM
Hi Zach

As far as I know there is no support for digitally signing .zip files, but this is because the .zip format itself does not support it

I can think of one workaround that would be to calculate a Hash value (fingerprint) of the .zip file data and then convert that hash value to base64 (readable text) and store that in the ZipFile Comment field.

Then to check if the file has been tampered with you could re-hash the data and compare it to the hash saved in the comment field

Just an idea

Hope it helps