SavaPage generates a digital signature for every document printed out or downloaded. Digital signatures are generated using a cryptographic technique called Hash-based Message Authentication Code (HMAC) [36]. The algorithm takes various output job attributes such as job time, user name, document name and UUID, and combines them with a secret key. The result is then passed through the MD5 digest algorithm. The resulting signature is unique to the document instance [37]. The applied secret key ensures the authenticity of the signature.
The algorithm used is:
Digest = Hash(date time || user name || document name || document UUID)
Signature = Hash(Digest || Key)
where
Key is a random string generated by SavaPage at initial installation. It is stored as hmac.key property in the /opt/savapage/server/data/encryption.properties file, which is also used for Encrypted Secrets.
Hash is the MD5 function.
date time is formatted in ISO 8601 basic format from year to second (yyyyMMddTHHmmss). The time is local time (not UTC). E.g. 20120906T151231.
The signature is stored in the database for future use.
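The two-step formula above, as an added Python example that is not SavaPage's own code. It follows the formula as written rather than calling Python's hmac module, whose RFC 2104 construction yields a different value. Assumptions: UTF-8 encoding, fields joined with no separator, the raw 16-byte Digest joined with the key, and hypothetical function names and constructed sample values.

```python
import hashlib
import hmac
from datetime import datetime


def format_job_time(dt: datetime) -> str:
    """ISO 8601 basic format, year to second; pass a local-time datetime."""
    return dt.strftime("%Y%m%dT%H%M%S")


def document_signature(job_time, user_name, document_name, document_uuid, key):
    """Signature = Hash(Hash(date time || user || doc name || UUID) || Key)."""
    # Assumption: fields are UTF-8 text concatenated without a separator.
    fields = format_job_time(job_time) + user_name + document_name + document_uuid
    digest = hashlib.md5(fields.encode("utf-8")).digest()
    # Assumption: the raw digest bytes (not the hex string) are joined with the key.
    return hashlib.md5(digest + key.encode("utf-8")).hexdigest()


def verify_signature(candidate, job_time, user_name, document_name,
                     document_uuid, key):
    """Recompute the signature from stored attributes and compare."""
    expected = document_signature(job_time, user_name, document_name,
                                  document_uuid, key)
    # Normalise what an operator typed in, then compare in constant time so
    # the check does not reveal how many leading characters matched.
    typed = candidate.strip().lower().encode("utf-8")
    return hmac.compare_digest(typed, expected.encode("ascii"))


# Constructed sample values (not taken from a real installation).
SAMPLE_KEY = "constructed-sample-key"
SAMPLE_JOB = dict(
    job_time=datetime(2012, 9, 6, 15, 12, 31),
    user_name="alice",
    document_name="report.pdf",
    document_uuid="123e4567-e89b-12d3-a456-426614174000",
)

if __name__ == "__main__":
    sig = document_signature(key=SAMPLE_KEY, **SAMPLE_JOB)
    print("signature:", sig)
    print("matches  :", verify_signature(sig, key=SAMPLE_KEY, **SAMPLE_JOB))
    tampered = dict(SAMPLE_JOB, user_name="bob")
    print("tampered :", verify_signature(sig, key=SAMPLE_KEY, **tampered))
```
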
[37] The SHA1 digest algorithm is a stronger alternative, but MD5 is secure enough for our application and generates shorter signatures, which are easier to enter as an argument to find the matching document.