Fingerprint Documentation

Fingerprint can be used to ensure that a set of files has been delivered without manipulation, by creating a fingerprint and signing this with a private key. The fingerprint and associated files can later be verified using the public key.

Generating Keys

To sign fingerprints, the first step is to create a private and public key pair. This is easily achieved using OpenSSL:

-- Create a private key, which you must keep secure.
$ openssl genrsa -out private-signature.pem 2048
Generating RSA private key, 2048 bit long modulus
.............+++
........+++
e is 65537 (0x10001)

-- Create a public key, which can be used to verify sealed fingerprints.
$ openssl rsa -in private-signature.pem -pubout -out public-signature.pem
writing RSA key

Signing Fingerprints

After you have generated a fingerprint, you can sign it easily using the private key:

-- You can replace '._index.signature' and '._index.fingerprint' with whatever names you have used.
-- We assume here that you are using fingerprint -a to generate fingerprints.
$ openssl dgst -sha1 -sign private-signature.pem -out ._index.signature ._index.fingerprint

Verifying Fingerprints

You can verify the signature on the fingerprint data, and then check the files against the fingerprint:

$ openssl dgst -sha1 -verify public-signature.pem -signature ._index.signature ._index.fingerprint
Verified OK
-- Fingerprint data has been cryptographically verified

$ fingerprint -v
S 
	error.count 0
Data verified, 0 errors found.
-- File list has been checked and no errors.

As long as the private key is kept secure, we can be sure that these files have not been tampered with.
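
The sign and verify steps above can be exercised end to end, including the failure case where the fingerprint file is changed after signing. This is an added example, not part of the Fingerprint project: the helper names `seal`, `check_seal` and `seal_demo` are hypothetical, the fingerprint content is a constructed placeholder, and it uses `-sha256` in place of the `-sha1` shown above because SHA-1 is no longer collision resistant.

```shell
#!/bin/sh
# Added example: seal a fingerprint file, verify it, then show that a
# modified copy is rejected. Uses -sha256 where the page uses -sha1.

# seal KEY FILE SIG: sign FILE with the private key, writing SIG.
seal() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# check_seal PUBKEY FILE SIG: exit status 0 only if SIG matches FILE.
check_seal() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# seal_demo: run the whole cycle in a temporary directory.
# Prints one line per check; returns 0 only if both behave as expected.
seal_demo() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        openssl genrsa -out private-signature.pem 2048 2>/dev/null || exit 2
        openssl rsa -in private-signature.pem -pubout -out public-signature.pem 2>/dev/null || exit 2

        # Constructed placeholder content, not real `fingerprint -a` output.
        printf 'placeholder fingerprint data\n' > ._index.fingerprint
        seal private-signature.pem ._index.fingerprint ._index.signature || exit 2

        if check_seal public-signature.pem ._index.fingerprint ._index.signature; then
            echo "untouched: verified"
        else
            echo "untouched: FAILED"; exit 1
        fi

        # Simulate a change made to the fingerprint after it was signed.
        printf 'extra line\n' >> ._index.fingerprint
        if check_seal public-signature.pem ._index.fingerprint ._index.signature; then
            echo "modified: verified (unexpected)"; exit 1
        else
            echo "modified: rejected"
        fi
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

seal_demo
```

In a real check, run `fingerprint -v` only after `check_seal` succeeds, since the file list is only as trustworthy as the signed fingerprint it is compared against.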