Digital signing of printed documents
Hi good people,
I wish to get your views on how I can implement a system that will
capture text of a financial document that is to be printed, run a hash
algorithm (SHA-1) over the document text, store an electronic copy of
the document and its digital signature to disk and lastly print the
document with the electronic signature at the last line of the
document. The financial document can be a ticket/receipt produced by a
POS application or an invoice/delivery note generated by an accounting

The objective is to set up a robust electronic document validation
system that can authenticate electronically produced documents using
Debian GNU/Linux and other open-source tools. My search for an
existing open-source solution did not yield any fruit.

In brief, working of the system shall be as follows using an invoice
1) an invoice generated by an accounting system is sent for printing
on a Samba-CUPS shared network printer
2) the text of the invoice is captured and passed through SHA-1
algorithm to obtain its digital signature.
3) the invoice text is saved in a file named TIMESTAMP_a.txt, the
digital signature is saved in a file named TIMESTAMP_b.txt
4) the invoice text is then sent to the network printer with the
digital signature printed on the last line of the invoice.
5) at the end of day, another SHA-1 algorithm is performed over all
the _b.txt signatures and saved as _c.txt on a programmable read only
memory (PROM) which can be a CD-R in its very basic form. So, for
every working day the system will have a number of _a.txt and _b.txt
files which correspond to the invoices issued on that day and one
_c.txt file that contains the signature of all _b.txt signatures of
6) lastly the _c.txt signature for any given day is read from the
CD-R and used to verify all the _b.txt signatures kept on disk, which
in turn will verify the _a.txt document which is the copy of the
original issued invoice.

At a high level, my thinking is that such a system can be devised
using Samba and CUPS to capture invoice details on the print queue
then use a myriad of scripts for hashing the invoice text and
appending the signature to the invoice before sending it to the
printer. Scripts can also be used to save the _a.txt and _b.txt in an
auto-generated directory file tree structure. Finally I can use cron
to automatically run scripts at the end of day to create the _c.txt
signatures and write them to CD using cdrecord.

Do you think this is a reasonable way of going about this project? Are
Samba-CUPS and bash/perl scripting the best tools to use or are there
others? What is your recommendation and advice? Your comments, remarks
or criticism are welcome.
Thanks in advance.
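
Steps 2 to 6 of the scheme described above, as an added example that is not part of the original message. The function names (sha1_of, store_invoice, day_digest, verify_day), the one-directory-per-day layout and the sample invoices are assumptions made for illustration.

```shell
#!/bin/sh
# Added example of the post's _a/_b/_c scheme using sha1sum (coreutils).
# SHA-1 here is an unkeyed hash: the check is only as trustworthy as the
# write-once copy of the day digest that it is compared against.

sha1_of() { sha1sum < "$1" | cut -d' ' -f1; }

# Steps 2-3: save stdin as <stamp>_a.txt, its SHA-1 as <stamp>_b.txt, and
# print the digest so the caller can append it as the invoice's last line.
store_invoice() (
    dir=$1; stamp=$2
    cat > "$dir/${stamp}_a.txt"
    sha1_of "$dir/${stamp}_a.txt" > "$dir/${stamp}_b.txt"
    cat "$dir/${stamp}_b.txt"
)

# Step 5: one SHA-1 over the day's _b.txt digests, in sorted filename order.
day_digest() (
    LC_ALL=C
    for b in "$1"/*_b.txt; do
        [ -f "$b" ] && cat "$b"
    done | sha1sum | cut -d' ' -f1
)

# Step 6: recompute the chain against the trusted digest read from the
# write-once medium. Prints each problem found; status 0 only if none.
verify_day() (
    dir=$1; trusted_c=$2; rc=0
    [ "$(day_digest "$dir")" = "$trusted_c" ] || { echo "DAY-DIGEST-MISMATCH"; rc=1; }
    for b in "$dir"/*_b.txt; do
        [ -f "$b" ] || continue
        a=${b%_b.txt}_a.txt
        if [ ! -f "$a" ] || [ "$(sha1_of "$a")" != "$(cat "$b")" ]; then
            echo "BAD ${a##*/}"; rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Constructed demo data: two made-up invoices in a scratch directory.
demo=$(mktemp -d)
printf 'INVOICE 1001\nTotal: 250.00\n' | store_invoice "$demo" 20240101T090000 >/dev/null
printf 'INVOICE 1002\nTotal: 75.50\n' | store_invoice "$demo" 20240101T093000 >/dev/null
day_digest "$demo" > "$demo/20240101_c.txt"   # stands in for the CD-R copy
verify_day "$demo" "$(cat "$demo/20240101_c.txt")" && echo "day verified"
printf 'INVOICE 1002\nTotal: 5.50\n' > "$demo/20240101T093000_a.txt"   # altered copy
verify_day "$demo" "$(cat "$demo/20240101_c.txt")" || echo "tampering detected"
rm -rf "$demo"
```

If an altered _a.txt is paired with a recomputed _b.txt, the per-file check passes and only the day digest comparison reports the change, which is why the _c.txt value has to come from the write-once copy.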