Digital Signatures

The particular intent of a message digest, on the other hand, is to protect against human tampering by relying on functions that are computationally infeasible to spoof. A message digest should also be much longer than a simple checksum so that any given message may be assumed to result in a unique value.

A digital signature may be formed by reverse encrypting a message digest using the private key of a public key encryption pair (ref. 20). A later decryption using the corresponding publically available key guarantees that the signature could only have been generated by the holder of the private key, while the message digest uniquely identifies the document (or image) that was signed. Support for digital signatures could be added to the FITS standard by defining a FITS extension format to contain the digital signature certificates, or perhaps by simply embedding them in an appended FITS table extension.

There is a tradeoff between the error detection capability of these algorithms and their speed. The overhead of a digital signature (or a software emulated CRC) is prohibitive for multi-megabyte files today, but may be essential for certain purposes (for instance, archival storage) in the future. The checksum defined by this proposal provides a way to verify FITS data against likely random errors, while on the other hand a full digital signature may be required to protect the same data against systematic errors, especially human tampering.