Cantsin> A crude approach would be to sign every paragraph Cantsin> or line separately, but that's obviously inelegant.
Geiger> Well this could be done by creating a document signature Geiger> and then a collection of sub signatures but it can get ugly real quick.
Creating chains of hashes lets you do this without having to do signatures on each piece - you just sign the hash at the end. So you'd create hash_page_1 = hash( hash(page_1_para_1), hash(page_1_para_2)...) hash_final = hash( hash_page_1, hash_page_2, ... ) sign( hash_final, signaturekey ) or whatever hierarchy you like, and to demonstrate you've got page_2_para_2 correctly, you provide the hashes for all the page, and the hashes for all the paragraphs on page 2. But then Geiger brings out the other important point:
Then what does the sub signature really tell you? Yes you can verify that the quote was written by someone but it may be taken completely out of context. How about when several blocks of text from different messages are combined. Each individual block checks out but by combining them the text has a completely different meaning than the original document.
Thanks! Bill Bill Stewart, stewarts@ix.netcom.com Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639