Cryptographic verification provides mathematical proof that content has not been tampered with. This module covers hash functions, digital signatures, and chain-of-custody verification.
Hash-Based Integrity Checking
A cryptographic hash function takes any input and produces a fixed-length fingerprint. Change a single bit of the input and the hash changes completely. This property makes hashes ideal for verifying that content has not been modified.
Digital Signatures
While hashes verify integrity, digital signatures verify both integrity and authenticity. A signature proves who created or approved the content and that it has not changed since signing.
Signing
The author hashes the content, then encrypts the hash with their private key. The encrypted hash is the digital signature, attached to the content.
Verification
Anyone can decrypt the signature using the author's public key, then compare the result against a fresh hash of the content. Match means authentic and unmodified.
Certificate Chains of Trust
Digital signatures depend on trusting the public key. Certificate authorities (CAs) create chains of trust — a CA vouches for an organization, which vouches for individual signers. The same infrastructure that secures HTTPS secures content provenance.
| Algorithm | Key Size | Use Case | Status |
|---|---|---|---|
| RSA | 2048-4096 bit | Document signing, S/MIME | Widely Used |
| ECDSA | 256-384 bit | C2PA, mobile signing | Recommended |
| Ed25519 | 256 bit | Git commits, SSH | Recommended |
This module provides the cryptographic foundation for C2PA Standards and connects to the metadata analysis techniques in Metadata & Provenance Analysis.