Workbook on Digital Private Papers > Administrative and preservation metadata > Metadata for authenticity: hash functions and digital signatures

Metadata for authenticity: hash functions and digital signatures

Introduction

Authenticity and integrity are important characteristics of archives and it is natural that archivists are concerned about ensuring the ongoing authenticity of digital archives, which are so easily and near undetectably altered. This ongoing authenticity is also important to the creators of material, as well as to the researchers who will rely on it to inform their research. The OAIS model requires that 'fixity information' be held for digital objects so that their moral and physical integrity can be verified over time. Hash functions and digital signatures are two means of creating and validating such fixity information and both have a number of potential applications in the acquisition, management and dissemination of personal digital archives. Paradigm has therefore explored the nature and uses of hash functions and digital signatures; an overview of these technologies and consideration of how they might be useful to archivists is provided here.

Archival uses for fixity information

Fixity information documents authentication mechanisms used to ensure that the materials stored by a preservation repository have not been altered in an undocumented manner. Creating and verifying fixity information is therefore an integral part of the management process for authentic digital objects ensuring that the repository can be confident of the authenticity and integrity of its digital objects. Many repositories will wish to record some level of fixity information about the digital files and metadata (and versions thereof) that they manage. Not only is fixity information an important part of the OAIS information model, it is also included in a number of metadata schemas for digital objects including PREMIS, METS and others.

When should fixity information be created and verified?

Fixity information can be created or verified at numerous stages in the preservation workflow. The management policy for the archive, its context and the level of confidence required will dictate when and what type of fixity information is created and how often it is verified. Appropriate points in the lifecycle for generating and verifying fixity information include: