Other developers in my office and I encountered this scenario:
We are an insurance company which needs to send files to our customers.
But we need 2 things:
From the customer's point of view:
1) How can I be sure that this file that was sent to me is from my insurance company?
2) How can I be sure that this file is the original file that was sent to me?
For 2) I thought that I should use MD5 and send it to the users – but this also needs its genuine… so I'm at a dead end.
What is the best approach for this?
P.S.
We don't want to open a virtual drive on our site – and let each customer have a username and password.
This is exactly what public key encryption (aka asymmetric encryption) was made for.
You have a public key and a private key. You give the public key out to anybody you need to send files to. There is no need to protect this; you could post it on your website. Anything encrypted using your private key (which is secret) can only be decrypted using the public key.
So if your customers can use your public key to decrypt the file, it proves it originated from you since you're the only ones with the private key.
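The private-key/public-key check described in the answer, done as a digital signature and covering both of the customer's questions (who sent the file, and whether it was altered). This is an added example, not code from the original post; it assumes Ed25519 from the Go standard library, and the function names and sample file contents are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a key pair. The public half is published (for example
// on the company website); the private half stays with the company.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignFile is run by the company. A bare digest sent next to the file proves
// nothing, because anyone can recompute it; signing the digest binds it to the key.
func SignFile(priv ed25519.PrivateKey, file []byte) []byte {
	digest := sha256.Sum256(file)
	return ed25519.Sign(priv, digest[:])
}

// VerifyFile is run by the customer with the published public key. It returns
// true only if this exact file was signed by the matching private key.
func VerifyFile(pub ed25519.PublicKey, file, sig []byte) bool {
	digest := sha256.Sum256(file)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	pub, priv := NewKeyPair()
	_, otherPriv := NewKeyPair() // stands in for anyone who is not the company

	file := []byte("Policy statement (constructed sample contents)")
	sig := SignFile(priv, file) // sent to the customer together with the file

	tampered := append([]byte{}, file...)
	tampered[0] ^= 1 // a single changed bit in transit

	fmt.Println("original file, company signature:", VerifyFile(pub, file, sig))
	fmt.Println("tampered file, company signature:", VerifyFile(pub, tampered, sig))
	fmt.Println("original file, someone else's key:", VerifyFile(pub, file, SignFile(otherPriv, file)))
}
```

The customer needs the public key from a channel they already trust; the file and its signature can then travel over any channel.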