Document Verification And Authentication By Using Password Based Qr Code Signature With Rsa 2048, Aes Encryption, And Sha-256
DOI:
https://doi.org/10.52436/1.jutif.2026.7.2.5484Keywords:
AES encryption, Digital signature, Document verification, Password, QR Code, RSA 2048Abstract
This research presents a secure digital-signature framework for document authentication using QR Codes, combining three modern cryptographic primitives: RSA 2048-bit for digital signing, SHA-256 for document-integrity verification, and password-based AES encryption to protect the signer’s private key. The system addresses a recurring limitation in previous QR-Code-based signature schemes—the absence of secure private-key storage—by deriving AES keys from user passwords and salts, ensuring that RSA private keys are never stored in plaintext. A web-based implementation was developed to support user registration, signature generation, and document verification, requiring only a PDF file and the associated password from users. Functional testing demonstrates that the system accurately authenticates signer identities, detects any modification to document content, identifies incorrect document numbers, and rejects invalid or non-signature QR Codes. These results confirm that the combination of RSA 2048, SHA-256 hashing, and password-derived AES encryption effectively ensures confidentiality of private keys while preserving document integrity and authenticity. The approach also prevents common forgery scenarios, including document substitution, unauthorized content changes, and QR Code misuse.
Downloads
References
M. Hara, “Development and popularization of QR Code – Code development pursuing reading performance and market forming by open strategy”, Synthesiology, vol. 12, no. 1, pp.19–27, 2019, doi: 10.5571/syntheng.12.1_19.
A. Jose, S. Prasanna Venkatesan, and B. Kumar, “A QR code-based traceability system for dry fish supply chain of micro and small enterprises in India,” Int. J. Indian Culture and Business Management, vol. 31, no. 2, pp. 145–149, 2024, doi: 10.1504/ijicbm.2024.136801.
M. Tu, L. Wu, H. Wan, Z. Ding, Z. Guo, and J. Chen, “The adoption of QR Code mobile payment technology during Covid-19: A social learning perspective,” Front. Psychol., vol. 12, Feb. 2022, doi: 10.3389/fpsyg.2021.798199.
M. Waqas Ayub, I. Winarno, and A. Sudarsono, “QR Code-based smart document implementation using distributed database and digital signature,” Indonesian Journal of Computer Science, vol. 13, no. 1, pp. 79–92, 2024, doi: 10.33022/ijcs.v13i1.3673.
A. Indra Irawan, I. Hedi Santoso, Istikmal, and M. Rahayu, “Implementation of QR Code attendance security system using RSA and hash algorithms,” Jurnal Nasional Teknik Elektro dan Teknologi Informasi, vol. 13, no. 1, pp. 53–59, Feb. 2024, doi: 10.22146/jnteti.v13i1.4395.
Y.-W. Chow, W. Susilo, G. Yang, M. H. Au, and C. Wang, “Authentication and transaction verification using QR Codes with a mobile device,” in International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, 2016, pp. 437–451.
M. Černý and M. Gogola, “Potential use of RFID and QR Code in the supply chain based on blockchain and smart contract,” Transportation Research Procedia, vol. 74, pp. 354–362, 2023, doi: 10.1016/j.trpro.2023.11.155.
Behrouz A. Forouzan, Cryptography and Network Security, 1st ed. New Delhi: Tata McGraw-Hill Publishing Company Limited, 2007.
Mark Stamp, Information Security Principles and Practices, 2nd ed. San Jose, CA, USA: John Wiley & Sons, 2011.
C. Gilbert and M. Abiola Gilbert, “Exploring secure hashing algorithms for data integrity verification,” International Journal of Multidisciplinary Research and Publications (IJMRAP), vol. 7, no. 11, pp. 373–390, 2025, doi: 10.2139/ssrn.5251606.
P. Boyanov, “Practical applications of hash functions MD5, SHA-1, and SHA-256 using various software tools to verify the integrity of files,” Journal Scientific and Applied Research, vol. 27, no. 1, pp. 120–137, 2024, doi: 10.46687/jsar.v27i1.413.
K. Somsuk, “The development of signing and verification methods for high speed digital signatures on electronic official documents by using RSA cryptography,” Cogent Eng, vol. 11, no. 1, 2024, doi: 10.1080/23311916.2024.2432513.
T. Diah, A. P. Wardhani, and Y. Asriningtias, “Implementation of AES-256 algorithm in the design of company-based digital document security application,” Journal of Information Technology and Computer Science (INTECOMS), vol. 6, no. 2, 2023, doi: 10.31539/intecoms.v6i2.8027.
R. Indrayani, P. Ferdiansyah, and M. Koprawi, “Analisis penggunaan kriptografi metode AES 256 bit pada pengamanan file dengan berbagai format,” Digital Transformation Technology, vol. 4, no. 2, pp. 1245–1251, Feb. 2025, doi: 10.47709/digitech.v4i2.5457.
T. R. Nur Ridawan and R. H. P. Sejati, “Data security implementation with advanced encryption standard 256 in notary mobile applications,” IJARCCE, vol. 12, no. 11, Nov. 2023, doi: 10.17148/ijarcce.2023.121109.
A. Gani, P. Suratma, and A. Azis, “Tanda tangan digital menggunakan QR Code dengan metode Advanced Encryption Standard,” Techno, vol. 8, no. 1, pp. 59–68, 2017, doi: 10.30595/techno.v18i1.1482.
F. Nuraeni, Y. Handoko Agustin, D. Kurniadi, and I. Dewi Ariyanti, “Implementasi skema QR-Code dan digital signature menggunakan kombinasi algoritma RSA dan AES untuk pengamanan data sertifikat elektronik,” in Seminar Nasional Teknologi Informasi, Komunikasi dan Industri (SNTIKI) 12, 2020, pp. 43–52.
A. Lorien, and T. Wellem, “Implementasi sistem otentikasi dokumen berbasis Quick Response (QR) Code dan digital signature,” Jurnal Resti, vol. 5, no. 4, pp. 663–671, 2021, doi: 10.29207/resti.v5i1.3316.
K. Yasa, P. Sukarata, G. Putra, I. Nugroho, and I. Astawa, “Secure electronic document with QR Code and RSA digital signature algorithm,” in INSTICC, Jan. 2023, pp. 1370–1375, doi: 10.5220/0010965600003260.
“LNCS 3006 - Security Analysis of SHA-256 and Sisters.” [Online]. Available: http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html. Accessed: Nov. 27, 2025.
J. Bharti and S. Singh, “A hybrid approach using AES-RSA encryption for cloud data security,” International Journal of Intelligent Systems and Applications in Engineering, vol. 12, no. 21S, pp. 62–69, 2024, doi: 10.19101/ijatee.2016.317005.
Q. Chang, T. Ma, and W. Yang, “Low power IoT device communication through hybrid AES-RSA encryption in MRA mode,” Sci Rep, vol. 15, no. 1, Dec. 2025, doi: 10.1038/s41598-025-98905-0.
S. Parikh, R. Jhanwar, and A. Singh, “Hybridization of AES and RSA algorithm in file encryption using parallel computing”, in International Conference on Advanced Communication and Intelligent Systems, 2023, pp. 281–291.
I. Ifrah and Prof. V. Jadeja, “Hybrid AES–RSA encryption and decryption for secure data transmission,” International Journal of Research Publication and Reviews, vol. 6, no. 10, pp. 1615–1621, Oct. 2025, doi: 10.55248/gengpi.6.1025.3605.
B. Sugiantoro, “Analysis of password and salt combination scheme to improve hash algorithm security,” International Journal of Advanced Computer Science and Applications, vol. 10, no. 11, 2019, doi: 10.14569/ijacsa.2019.0101158.
“Node.js v25.2.1 Documentation.” [Online]. Available: https://nodejs.org/docs/latest/api/. Accessed: Nov. 27, 2025.
“Node Package Manager Documentation.” [Online]. Available: https://docs.npmjs.com/. Accessed: Nov. 27, 2025.
Additional Files
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Mariskha Tri Adithia, Naomi Elianora, Maria Veronica
This work is licensed under a Creative Commons Attribution 4.0 International License.
