Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group
Signed Manifests-Verifying Signatures
Validating the integrity of a referent object is a two-step process.
The first step is to validate the integrity of the manifest itself.
Step two checks the integrity of the particular referent.
Verifying the Manifest
The procedure for verifying the signer's information is:
- Select the signer to be verified
- Compute the digest of the corresponding signer's information using
  the digest algorithm indicated in the signature block file
- Compare computed digest against digest in the signature block
If the digest values match, the next step is to validate the integrity
of the manifest sections as defined by signer's information. The
procedure for verifying the manifest sections is:
- For each signature section in the signer's information:
  - Locate the corresponding manifest section matching on the value of the
    Name attribute
  - Compute the digest of that section using the digest algorithm
    indicated in the signature information file
  - Compare the computed digest against the value listed in the signature
    information file
If the digest values match, the final step is to validate the integrity
of the referents listed in the manifest sections.
Verifying Referents in the Manifest
Once the manifest has been successfully verified, individual referents
in the manifest can be verified. The verification process requires the
use of values provided in the manifest. If the MAGIC token
appears in the manifest section, the verifier must interpret and
correctly act upon the MAGIC value. If the value UsesMetaData is
specified, the verifier must check for one or more Integrity
tokens as metadata statements. If this token appears, the digest must
be calculated according to the instructions provided by the
Integrity token. Verification is completed by computing the
digest of the referent (as controlled by the metadata) and comparing
the result to the value recorded in the manifest section.
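The verification order described above, as an added example that is not part of the CDSA specification or any CSSM implementation. It assumes a simplified, constructed `Name:`/`Digest:` text layout, SHA-256 standing in for the algorithm named in the signature files, a `block_digest` already recovered from a signature block whose signature has been checked, and a manifest section that carries no MAGIC token.

```python
import hashlib

ALG = "sha256"  # assumption: stands in for the algorithm named in the signature files

def digest(data: bytes) -> str:
    return hashlib.new(ALG, data).hexdigest()

def section(name: str, value: str) -> bytes:
    # Constructed text layout for this example, not the CDSA encoding.
    return f"Name: {name}\nDigest: {value}".encode()

def parse(blob: bytes) -> dict:
    """Map each section's Name to (recorded digest, raw section bytes)."""
    out = {}
    for raw in blob.strip().split(b"\n\n"):
        fields = dict(line.split(": ", 1) for line in raw.decode().splitlines())
        out[fields["Name"]] = (fields["Digest"], raw)
    return out

def verify(block_digest: str, signer_info: bytes, manifest: bytes,
           name: str, referent: bytes) -> str:
    # Step one: signer's information against the digest from the signature block.
    if digest(signer_info) != block_digest:
        return "signer information mismatch"
    try:
        signed, sections = parse(signer_info), parse(manifest)
    except (ValueError, KeyError):
        return "malformed input"  # fail closed on anything unparseable
    # Then every signature section against the manifest section with the same Name.
    for sec_name, (expected, _) in signed.items():
        if sec_name not in sections:
            return "missing manifest section"
        if digest(sections[sec_name][1]) != expected:
            return "manifest section mismatch"
    # Step two: the referent, only if its section is covered by the signer.
    if name not in signed:
        return "referent not covered by signer"
    if digest(referent) != sections[name][0]:
        return "referent mismatch"
    return "ok"

# Constructed sample data: one referent, its manifest section, the signer's information.
REFERENT = b"constructed referent bytes"
MANIFEST = section("app.bin", digest(REFERENT))
SIGNER_INFO = section("app.bin", digest(MANIFEST))
BLOCK_DIGEST = digest(SIGNER_INFO)

if __name__ == "__main__":
    print(verify(BLOCK_DIGEST, SIGNER_INFO, MANIFEST, "app.bin", REFERENT))
```

The referent digest is read from the manifest only after the section holding it has been tied back to the signer's information, so a manifest section the signer never listed is rejected even when its recorded digest matches the referent.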