Previous section.
Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group
Signed Manifests
Extensions to the JavaSoft/Netscape Specification
The JavaSoft signed manifest specification states that:
-
-
"It is technically possible that different entities
may use different signing algorithms to share a single
signature file. This violates the standard, and the
extra signature may be ignored."
The Intel-signed manifest specification allows multiple signers to be
included in the PKCS#7 signature block as long as each signer is
signing the same manifest sections.
The only recognized valid MAGIC value for this specification is
UsesMetaData.
Core Set of Name:Value Pairs
Name
This token specifies the referent for the manifest section.
SectionName
This token is informational only to the section it appears in.
(Digest algorithm ID)
Well-known digest algorithm identifiers are:
MD5, SHA, SHA1, MD2, MD4
Ordered-Attributes
This token specifies that some metadata values appearing within this
manifest section must be processed in an order-specific manner. The
order indicated is relative to the signing operation. The verification
operation must reverse the order indicated.
MAGIC
This token is used as a general flagging mechanism. The only associated
value is UsesMetaData.
Integrity
DublinCore
These tokens specify metadata contexts within which the name:value
pairs have meaning.
SchemaInfo
This is a well known name that should be defined in every
metadata set. It points to a resource that provides human
readable text describing the metadata set. For instance:
-
-
Integrity-SchemaInfo: http://developer.intel.com/ial/security/ \
IntegritySchema.html
points to a resource where a human readable description of the
Integrity set resides.
Metadata
Metadata is used to qualify the referent by providing additional
information that cannot be included in the name. The definition of
valid metadata values is an ongoing effort.
This specification
incorporates the Dublin Core metadata set
and a new Integrity Core set to describe the integrity of the referents.
Integrity Core
The Integrity Core is a set of minimal values used to describe the
integrity of information resources. The metadata name for this set is
Integrity.
The core elements are:
-
VerifyData
-
TrustedSigner
-
VerifyIntegrity
-
NamedSectionForm
-
NamedSection
-
Envelope
-
ResourceProxy
- Integrity-VerifyData
This token describes how to retrieve the referent object for hashing.
Valid values are:
-
Reference-hash only the reference, exclude the contents.
-
Reference-value-this is the default, hash both the name and contents.
-
Match-match exactly one of the hash values provided for the referent.
-
Namedsectionvalue-hash the contents identified by the named
section specified.
-
Manifest-the referent is itself a signed manifest.
-
Signedarchive-the referent is an archive which contains a manifest.
- Integrity-TrustedSigner
A token defines trusted signers for signed dynamic data sources. The
signer must be described in another manifest section as an information
resource. The value for this name:value pair must be the value of the
referent (the value of the Name token) in the manifest section
where the trusted signer is described.
- Integrity-VerifyIntegrity
This token is used to create descriptions, which cannot be expressed
using VerifyData or TrustedSigner. Valid values are:
-
Match-indicates that the hash value computed must match
one of the values listed.
-
Ondemand-this serves as a flag indicating that verification
of the referent should be deferred until the point of rendering.
This is useful when the referent is a large streaming object
which will be incrementally verified as well as rendered.
- Integrity-NamedSectionForm
This token defines the format of the partial section to be hashed. This
is used to describe integrity of a portion of a compound object, such
as a Microsoft PowerPoint slide residing in a Microsoft Word document.
- Integrity-NamedSection
This token identifies the section to be hashed.
- Integrity-Envelope
This token indicates that the referent itself is a signed object, where
the signature envelopes the object or is embedded within the object.
Valid values are:
-
PKCS-7-the object is a signed message conforming to
PKCS#7 specification.
-
Authenticode-object has been signed by Microsoft's Authenticode system.
- Integrity-ResourceProxy
This token indicates that the location of the referent object changes
over time. An example is an executable image. To describe the integrity
of the object, a manifest must correctly reference the object as a file
(which is far away) and as a loaded, executing memory image (which is
nearby).
Dublin Core
Details of the specification of the Dublin Core set are outside the
scope of this document.
PKWARE Archive File Format Specification
Details of the PKWARE archive format are outside the scope of this document.