dcmsign: bibliothèque de signature numérique et applications utilitaires
Ce module contient des classes permettant de créer des signatures numériques dans des jeux de données DICOM, de les vérifier et de les supprimer. Les signatures sont conformes à l'extension DICOM "Digital Signatures" (anciennement Supplement 41). Ce module nécessite la bibliothèque externe OpenSSL.
Les principales classes d'interface sont :
Outils
Ce module contient l'outil en ligne de commande suivant :
Exemples
L'exemple suivant montre comment vérifier toutes les signatures dans un fichier DICOM :
DcmFileFormat fileformat;
if (fileformat.loadFile("test.dcm").good())
{
// Load a root Certification Authority certificate from "ca_cert.pem"
// and declare it as trusted. All certificates issued by this CA will
// be considered trustworthy (if within their validity time).
SiCertificateVerifier certVerifier;
if (certVerifier.addTrustedCertificateFile("ca_cert.pem",
X509_FILETYPE_PEM).bad())
{
cerr << "unable to load CA certificate" << endl;
return;
}
// Verify all signatures in the dataset, and verify the signer
// certificate against the root CA defined above.
// Fail if no signature is present in the dataset, but do not require
// any specific DICOM signature profile. Verify a secure timestamp
// if present, but do not fail signature verification if no timestamp
// is there.
int result = DcmSignatureHelper::do_verify(fileformat.getDataset(),
certVerifier, ESVP_requireSignature, ETVP_verifyTSIfPresent);
if (result == 0)
std::cerr << "signature(s) found and successfully verified" << endl;
else
std::cerr << "signature absent or verification failed" << endl;
}
L'exemple suivant montre comment signer un fichier DICOM :
DcmFileFormat fileformat;
if (fileformat.loadFile("test.dcm").good())
{
// dataset to be signed
DcmDataset *dataset = fileformat.getDataset();
// select transfer syntax in which digital signature will be created
E_TransferSyntax xfer = dataset->getOriginalXfer();
// use Little Endian Explicit for uncompressed files
if ((xfer == EXS_LittleEndianImplicit) ||
(xfer == EXS_BigEndianExplicit))
xfer = EXS_LittleEndianExplicit;
SiCreatorProfile profile; // utilise le "RSA Creator Profile"
SiRIPEMD160 mac; // utilise RIPEMD160 comme algorithme MAC
SiCertificate cert; // notre certificat
if (cert.loadCertificate("certificate.pem", X509_FILETYPE_PEM).bad())
{
cerr << "unable to load certificate" << endl;
return;
}
SiPrivateKey key; // clé privée, qui doit être non chiffrée ici
if (key.loadPrivateKey("privkey.pem", X509_FILETYPE_PEM).bad())
{
cerr << "unable to load private key" << endl;
return;
}
// list of attributes to be signed. It can remain empty here
// since we're using the RSA Creator Profile to determine the
// list of attributes that needs to be signed
DcmAttributeTag tags;
// now create the signature
int result = DcmSignatureHelper::do_sign(dataset,
key, cert, &mac, &profile, &tags, xfer, NULL,
SiSignaturePurpose::ESP_none, NULL);
if (result == 0)
std::cerr << "signature successfully created" << endl;
else
std::cerr << "signature creation failed" << endl;
}