encoding - Is there a standard on how to sign primitive types?
I am designing a protocol to exchange IOUs (digital promissory notes). These should be digitally signed, and the signature should be independent of the data representation (whether it is XML, JSON, binary, little or big endian numbers).
Is there a standard on how to sign a list of strings and primitive types (like integers, floating points, booleans)?
The better question is: what is the best format for verifying digitally signed data primitives?
The answer is XML, formatted and signed according to the XAdES standard. XAdES is harmonized with related standards, and many implementations participate in the interoperability tests hosted by ETSI.
Unless it is easy to verify the digitally signed format, the signature has limited value.
You can sign a bit stream and store/maintain the signature as a detached signature. Then the relying parties (the recipients) need to deal with 2 files: 1 for the data and 1 for the signature.
The advantage of the XML XAdES format is that it enables the signed XML file to include the digital signature.
You can create an equivalent of XAdES for a data format such as JSON. A new format has limited use unless it becomes popular and standardized. XAdES has accomplished this, so it is the way to go.
added re: comment--
I want to provide non-repudiation. I understand that I have to save the information that was signed. I was hoping I don't have to save it as XML but rather save the values included in the signature in a database (less verbosely) and uniquely reconstruct the signed string from them before verifying.
Technically, you can do that. You'll need to watch out for spacing issues within the XML. Practically, it is not a good idea. Here's why:
Proving non-repudiation requires that you meet the applicable burden of proof that the alleged signer did sign the data.
You may be trying to convince the original signer of this, an expert third party (an auditor) or non-experts (lawyers and juries). You want to make it easy and simple to convince these people. Schemes such as "re-creating" the signed file are not simple to understand compared with "Here is the original signed file. The signature verifies and it was signed by the digital certificate belonging to Susan Signer."
To keep it simple, I'd suggest signing a XAdES XML file. Extract the data from the file and use it in your DBMS. Hang on to the original signed file in the DBMS or elsewhere. In case of a dispute, produce the original file and show that it verifies. The second part of the audit is to show that your DBMS has the same data values as the signed XML.
The programming and storage costs of hanging on to the original, signed, XML file are de minimis, when compared to the goal of proving non-repudiation of the data.
By the way, how is the signer's certificate managed? If it is less than a QSCD (Qualified Signature Creation Device), such as storing the cert in the file system, then you have a problem: there is no way to conclusively prove that the certificate wasn't used by an imposter. Use a secure system for signing such as CoSign (my company) or an equivalent system.
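The two-part audit described in the answer, next to the "re-create the file from database values" scheme, as an added example that is not part of the original question or answer. It assumes a constructed sample IOU with hypothetical element names, and a SHA-256 digest over the raw bytes stands in for the signature check (a real XAdES verification needs a XAdES library and the signer's certificate).

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample IOU; the element and attribute names are hypothetical.
ORIGINAL = (b'<iou>\n'
            b'  <debtor>alice</debtor>\n'
            b'  <creditor>bob</creditor>\n'
            b'  <amount currency="EUR">150.00</amount>\n'
            b'</iou>\n')
FIELDS = ("debtor", "creditor", "amount")

def digest(data: bytes) -> str:
    """SHA-256 of the exact bytes (stand-in for what a detached signature covers)."""
    return hashlib.sha256(data).hexdigest()

def extract_values(xml_bytes: bytes) -> dict:
    """Pull the values that would be loaded into the DBMS."""
    root = ET.fromstring(xml_bytes)
    row = {name: root.findtext(name) for name in FIELDS}
    row["currency"] = root.find("amount").get("currency")
    return row

def rebuild_from_db(row: dict) -> bytes:
    """Re-create an XML file from stored values (the scheme from the comment)."""
    root = ET.Element("iou")
    for name in FIELDS:
        ET.SubElement(root, name).text = row[name]
    root.find("amount").set("currency", row["currency"])
    return ET.tostring(root)  # compact output: no newlines or indentation

def audit(original: bytes, signed_digest: str, row: dict) -> dict:
    """Two-part audit from the answer, plus the rebuild scheme for comparison."""
    return {
        "original_intact": digest(original) == signed_digest,
        "db_matches_signed": extract_values(original) == row,
        "rebuilt_matches": digest(rebuild_from_db(row)) == signed_digest,
    }

if __name__ == "__main__":
    signed_digest = digest(ORIGINAL)   # recorded at signing time
    db_row = extract_values(ORIGINAL)  # what the application stores
    print(audit(ORIGINAL, signed_digest, db_row))
    print(audit(ORIGINAL, signed_digest, dict(db_row, amount="950.00")))
```

The rebuilt file carries the same values but different whitespace, so its digest no longer matches; the retained original still checks out, and the value comparison is what exposes a database row that has drifted from what was signed.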