To ensure data integrity, data are signed using a server-side key before
being stored with a signature in a persistent storage on a client. Before
the data that were stored are subsequently used, the data signature is
verified to confirm that the data have not been modified. A signer
identification (ID) uniquely identifying the client is sealed into the
signature so that the identity of the signer cannot be changed without
invalidating the data signature. If the data or the signer ID is altered,
a temporary signature computed for the stored data and signer ID will
differ from the signature that was stored. The server preferably signs a
digest of the data to be stored and verifies a digest of the stored data.
An intermediate key can be provided by the server to enable plural sets
of data on the client to be signed before storage.