Corruption detection (hash audit)
Re-hash a file and compare it against a recorded digest to detect any post-export corruption or modification.
Problem
You’re exporting a de-identified DICOM file for a clinical trial and want to be able to detect whether the file was corrupted or modified after export. The app generates an integrity-manifest export: the DICOM file plus a detached .dcm.sig manifest holding a SHA-256 hash. Later, anyone can re-check the file’s integrity by recomputing the hash — even a single byte changed after export will be detected.
Scope. The manifest is an unkeyed SHA-256 hash. It detects accidental corruption and unintentional modification, not a determined adversary who edits the file and recomputes the sidecar. It is not a cryptographic signature and does not prove authorship. Asymmetric signing is the planned extension (use case 10.5).
Steps
Export with Integrity Manifest
- Open the file (⌘O).
- Click Export in the top bar, then select Export with Integrity Manifest….
- Two files are downloaded simultaneously:
  - The DICOM file (.dcm)
  - The integrity manifest sidecar (.dcm.sig)
Verify Integrity
- Open the Verify Integrity Manifest modal — ⌘K → type “verify” → select “Verify integrity manifest…”.
- Upload the DICOM file — click the DICOM file upload area, select the .dcm file. A ✓ indicator confirms the file was loaded.
- Upload the manifest sidecar — click the manifest upload area, select the .dcm.sig file. A ✓ indicator confirms it was loaded.
- Click Verify — if both files match, the modal shows a green “Integrity verified” confirmation.
Detect Corruption
- Modify the DICOM file — flip a single byte in the .dcm file on disk.
- Re-verify — upload the modified .dcm and the original .sig sidecar. Click Verify.
- The modal shows “Integrity check FAILED” — the hash recomputed from the modified file no longer matches the digest recorded in the manifest.
Expected Result
- The integrity-manifest export produces two files: .dcm + .dcm.sig.
- Verification with the matching pair shows “Integrity verified”.
- A single byte changed in the DICOM file (or an edited audit snapshot) is detected — verification shows “Integrity check FAILED”.
- The manifest is a SHA-256 hash of the DICOM file content plus a hash binding the audit snapshot, detached for independent re-checking — corruption detection, not adversarial tamper-proofing.
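The same export, verify and detect cycle can be reproduced outside the app. The following is an added example, not the app's own code: the JSON sidecar layout, the function names and the stand-in file bytes are assumptions, and the app's real .dcm.sig format (including the audit-snapshot binding) is not shown on this page. The last step illustrates the scope note above: because the hash is unkeyed, a sidecar regenerated after the change verifies again.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream the file through SHA-256 in 1 MiB blocks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(dcm_path):
    """Write a sidecar next to the file (hypothetical JSON layout, not the app's)."""
    sig_path = dcm_path + ".sig"
    with open(sig_path, "w") as f:
        json.dump({"algorithm": "SHA-256", "sha256": sha256_file(dcm_path)}, f)
    return sig_path


def verify(dcm_path, sig_path):
    """Return True when the recomputed digest equals the recorded one."""
    with open(sig_path) as f:
        recorded = json.load(f)["sha256"]
    return hmac.compare_digest(recorded, sha256_file(dcm_path))


def demo():
    """Export, verify, corrupt one byte, re-verify; then show the scope limit."""
    with tempfile.TemporaryDirectory() as d:
        dcm = os.path.join(d, "study.dcm")
        # Constructed stand-in bytes: 128-byte preamble + "DICM" magic + filler.
        with open(dcm, "wb") as f:
            f.write(b"\x00" * 128 + b"DICM" + bytes(range(256)))
        sig = write_manifest(dcm)
        intact = verify(dcm, sig)
        with open(dcm, "r+b") as f:      # flip one bit of one byte on disk
            f.seek(200)
            byte = f.read(1)[0]
            f.seek(200)
            f.write(bytes([byte ^ 0x01]))
        corrupted = verify(dcm, sig)
        write_manifest(dcm)              # unkeyed: a regenerated sidecar matches again
        regenerated = verify(dcm, sig)
    return intact, corrupted, regenerated
```

`demo()` returns `(True, False, True)`: the original pair verifies, the one-bit change fails against the original sidecar, and a sidecar rewritten after the change passes.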