本帖最后由 medimage 于 2015-12-4 21:28 编辑
九、dcmsign程序库
dcmsign是一个数字签名库和可用工具。这个模块包含了一些类,以创建DICOM数据集中的数字签名,并验证和删除签名。这个模块需要扩展的OpenSSL库的支持。
主要接口:
--DcmSignature: this class provides the main interface to the dcmsign module - it allows to create, examine and verify digital signatures in DICOM datasets or items. The methods in this class do not handle digital signatures embedded in sequence items within the dataset, other than providing helper functions that allow to locate and attach the sub-items separately. 在dcsignat.h中定义。
--SiSecurityProfile: 所有安全框架的抽象基类。abstract base class for all security profiles. 在sisprof.h文件中定义。 --SiCertificate: a class representing X.509 public key certificates. 在sicert.h文件中定义。
--SiPrivateKey: a class representing a private key. 在siprivat.h文件中定义。
--SiMAC: a base class for all classes that implement hash functions. 在simac.h文件中定义。
工具:
dcmsign: Sign and Verify DICOM Files
举例:
--验证一个DICOM文件中的所有签名。 DcmFileFormat fileformat; if (fileformat.loadFile("test.dcm").good()) { int counter = 0; // counts the signatures in the DICOM file int corrupt_counter = 0; // counts signatures that failed verification DcmDataset *dataset = fileformat.getDataset(); DcmStack stack; // stores current location within file DcmSignature signer; // signature handler DcmItem *sigItem = DcmSignature::findFirstSignatureItem(*dataset, stack); while (sigItem) // browse through items that contain digital signatures { signer.attach(sigItem); // each item may contain multiple signatures for (unsigned long l=0; l < signer.numberOfSignatures(); ++l) { if (signer.selectSignature(l).good()) { ++counter;
if (signer.verifyCurrent().bad()) // verify signature
corrupt_counter++;
}
}
signer.detach();
sigItem = DcmSignature::findNextSignatureItem(*dataset, stack);
}
if (counter == 0)
cerr << "no signatures found in dataset." << endl;
else
cerr << counter << " signatures verified in dataset, "
<< corrupt_counter << " corrupted." << endl;
}
--给一个DICOM文件增加签名。
DcmFileFormat fileformat;
if (fileformat.loadFile("test.dcm").good()) {
DcmDataset *dataset = fileformat.getDataset();
SiCreatorProfile profile; // select the "RSA Creator Profile"
SiRIPEMD160 mac; // use RIPEMD160 as MAC algorithm
DcmSignature signer; // signature handler
SiCertificate cert; // our certificate
if (cert.loadCertificate("certificate.pem", X509_FILETYPE_PEM).bad())
{
cerr << "unable to load certificate" << endl;
return;
}
SiPrivateKey key; // private key, must be unencrypted here
if (key.loadPrivateKey("privkey.pem", X509_FILETYPE_PEM).bad())
{
cerr << "unable to load private key" << endl;
return;
}
signer.attach(dataset); // connect handler to data set
if (signer.createSignature(key, cert, mac, profile).good())
{
fileformat.saveFile("test_signed.dcm"); // write back
}
}
|