Intel Extensible Firmware Interface Network Router User Manual


Protocols Network Support
Version 1.10 12/01/02 15-105
The left-hand string must appear exactly as shown. The right-hand string must be a unique GUID
for every signer's information file created. The Win32 function UuidCreate() can be used for this
on Win32 systems. The GUID is a binary value that must be base-64 encoded. Base-64 is a simple
encoding scheme for representing binary values that uses only printing characters. Base-64
encoding is described in [BASE-64].
SignerInformationName: BIS_VerifiableObjectSignerInfoName
The left-hand string must appear exactly as shown. The right-hand string must appear exactly as
shown.
Name: (a memory-type data object name)
This identifies the section in the signer's information file corresponding to the section with the
same name in the manifest file described earlier. The right-hand string must match exactly the
corresponding string in the manifest file described above.
Digest-Algorithms: SHA-1
This enumerates the digest algorithms for which integrity data is included for the corresponding
manifest section. Strings identifying digest algorithms are the same as in the manifest file. The
digest algorithms specified here must match those specified in the manifest file. For every digest
algorithm XXX listed, there must also be a corresponding XXX-Digest line.
SHA-1-Digest: (base-64 representation of a SHA-1 digest of the
corresponding manifest section)
Gives the corresponding digest value for the corresponding manifest section. The value is base-64
encoded. Note that for the purpose of computing the hash of the manifest section, the manifest
section starts at the beginning of the opening Name: keyword and continues up to, but not
including, the next section's Name: keyword or the end-of-file. Thus the hash includes the
blank line(s) at the end of a section and any newline(s) preceding the next Name: keyword or
end-of-file.
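The boundary rule above decides exactly which bytes are hashed, so a signer and a verifier must split the manifest identically. The following Python code is an added example, not taken from the manual: the sample manifest, its header field and the object names are constructed placeholders, and only the per-section lines of the signer's information file are produced.

```python
import base64
import hashlib
import re

# Constructed sample manifest; header field and object names are placeholders.
SAMPLE_MANIFEST = (
    b"Header-Field: placeholder\r\n"
    b"\r\n"
    b"Name: memory:ObjectA\r\n"
    b"Digest-Algorithms: SHA-1\r\n"
    b"SHA-1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n"
    b"\r\n"
    b"Name: memory:ObjectB\r\n"
    b"Digest-Algorithms: SHA-1\r\n"
    b"SHA-1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n"
    b"\r\n"
)

NAME_AT_LINE_START = re.compile(rb"^Name:", re.MULTILINE)


def manifest_sections(manifest: bytes) -> dict:
    # A section runs from its own Name: keyword up to, but not including,
    # the next Name: keyword or end-of-file, so trailing blank lines are kept.
    starts = [m.start() for m in NAME_AT_LINE_START.finditer(manifest)]
    ends = starts[1:] + [len(manifest)]
    sections = {}
    for start, end in zip(starts, ends):
        body = manifest[start:end]
        name = body.splitlines()[0][len(b"Name:"):].strip().decode("ascii")
        sections[name] = body
    return sections


def section_digest_b64(section: bytes) -> str:
    # Base-64 text of the SHA-1 digest, as placed on the SHA-1-Digest line.
    return base64.b64encode(hashlib.sha1(section).digest()).decode("ascii")


def signer_info_entries(manifest: bytes) -> str:
    # Render one signer's-information section per manifest section.
    out = []
    for name, body in manifest_sections(manifest).items():
        out.append(f"Name: {name}\r\nDigest-Algorithms: SHA-1\r\n"
                   f"SHA-1-Digest: {section_digest_b64(body)}\r\n\r\n")
    return "".join(out)
```

Dropping or adding a single blank line at the end of a manifest section changes its digest, which is why the sections are sliced from the raw bytes rather than re-serialized.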
//**********************************************************
// Signature Block File Example
//**********************************************************
A signature block file is a raw binary file (not base-64 encoded) that is a PKCS#7 defined format
signature block. The signature block covers exactly the contents of the signer's information file.
There must be a correspondence between the name of the signer's information file and the signature
block file. The base name matches, and the three-character extension is modified to reflect the
signature algorithm used according to the following rules:
DSA signature algorithm (which uses SHA-1 hash): extension is DSA.
RSA signature algorithm with MD5 hash: extension is RSA.
So, for example, with a signer's information file name of myinfo.SF, the corresponding DSA
signature block file name would be myinfo.DSA.
The format of a signature block file is defined in [PKCS].