"If we use commercial grade CF's, can we use Vali-Flash to create the same image on different CF's of the same size?"
Yes, providing that the image your burn is smaller then the card (i.e. it will fit on the card). This is the "resize feature" of Vali-Flash 4.
"Commercial grade CF's usually never have the exact same size, and therefore the Validation would create different results. Only industrial grade CF's are guaranteed to have the same size."
Yes, SanDisk calls their industrial grade "Standard Grade" which has a guaranteed size according to their spec sheet.
On the other hand you say that your manufacturer version of Vali-Flash is able to burn images on CF's, and you don't mention to use only industrial grade CF's or the same manufacturer."
When you burn an image the first thing Vali-Flash 4 does is it checks the size of the card versus the size of the image. If they match, it burns without question. If the card is too small it reports an error (Vali-Flash will never truncate the data). If the card is bigger than the image size it will prompt you to create a resized image. This image file will be created and saved to the disk under whatever name. You can then burn with that image. Please note next question.
"Could you please confirm that we could use Vali-Flash to burn an image of the same size (e.g. 29KB) to CF's with various raw sizes (e.g. 32MB, 64MB, 128MB), and different manufacturers (e.g. Hitachi, Toshiba), and that Vali-Flash after that would create the same signature for these CF's."
Vali-Flash will 100% definitely NOT create the same signature with different data sizes. It doesn't matter who makes the card what matters is the size of the card. These cards are completely read for security reasons. For example offset data could pose a security risk. The entire card is checked, including slack space and everything. So the signature is very dependent on the data. Think of the signature as a unique fingerprint of that data. If altered or changed or anything the signature will change.
Now this is not a problem. When you create resized images you can use a game name that is specific to that card. Something like "Game Sample Hitachi-128MB-China" can be the game name or "Game Sample 1", "Game Sample 2", etc. Then when you validate this card it will pull up that specific record ("Game Sample Hitachi-128MB-China"). You can have as many of these as you all you have to do is put some forethought in the naming methodology of how you want to name these cards. There is no reduction of security at all, with the added benefit of being able to use cards off the shelf. If the cards are altered or changed or go bad they will still produce a completely unknown signature.