https://stackoverflow.com/questions/22674507
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIf you're asking questions about cryptography on Stack Overflow, you're in over your head and will undoubtedly make a minor but important mistake that renders your work completely invalid. Cryptography is very hard to get completely correct, and even then you will have to keep your application up-to-date as various new techniques to circumvent things are discovered.
Use an off-the-shelf solution that's proven to work like GnuPG to handle your signing. Even then you'll need to ensure it's installed correctly, that you're handling the data correctly and calling the correct functions to validate the signatures.
Long story short: Find someone qualified and/or certified to do this and follow their advice to the letter. Get their solution vetted by a third party that can be trusted.
What you want to do here in general terms is get both parties to cryptographically sign the contents of the original message. That way in order to change the contents, both parties would have to "collude", something that's not likely if one party is trying to sabotage the other.
This requires both parties to have a secured, unknown private key that's used for these operations. Managing these is considerable overhead for your application unless you have a way of installing client software that does it for them. Even then, generating and protecting keys is anything but fun.
If you want to learn more about the nuances of cryptography, you will need to read The Book.
