
Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

File-Based Representation of Signed Manifests

This section describes the file-system-based representation of a signed manifest. A signed manifest consists of:

There are two representations for a signed manifest in the file system. The first representation maintains compatibility with existing implementations of signed manifests, while the second representation relaxes some of the constraints imposed by the first.

The META-INF Directory-First File-Based Signed Manifest Representation

The first representation is as a file set which resides in a well-known directory called META-INF. This directory is relative to the file-based referents in the manifest. The manifest description is written in a file called MANIFEST.MF. All pathnames appearing in the sections of MANIFEST.MF are relative to the parent directory of META-INF.

The signer information is placed in the META-INF directory under the filename x.SF, for some string x containing only the characters A-Z 0-9 and dash or underscore. x must not be longer than eight characters; for instance, MySig.SF.

Signature block filenames must share the base filename of the corresponding signer's information file. The filename extension identifies the signature type:

    .RSA      (PKCS7 signature, MD5 + RSA)
    .DSA      (PKCS7 signature, DSA)
    .PGP      (Pretty Good Privacy Signature)

The ESW File-Archive-Based Signed Manifest Representation

The constraints placed by the first file-based representation are relaxed by archiving the signed manifest file set into one file. This archive file is called an Electronic Shrink Wrap file and must end in the filename extension .ESW. The .ESW file must reside in the parent directory relative to all pathnames of file-based referents in the manifest.

The archive format of an .ESW file must conform to the archive format specified by PKWARE. (See http://www.pkware.com/download.html for additional information.)

The signed manifest file set that appears in a .ESW archive must conform to the filename formats stated in the previous section. For example, an .ESW archive must:

It is the responsibility of the verification program to select the correct .ESW file for the objects to be verified.

Representation Constraints

Filenames appearing in the META-INF directory are restricted to the characters A-Z 0-9 and dash or underscore. Base filenames consist of at most eight characters.

The names "META-INF", "MANIFEST.MF", and the filetype ".SF" should be generated as upper case, but must be recognized in upper and lower case.

File system pathnames appearing in a manifest must be relative to the parent directory of META-INF.

There can exist only one MANIFEST.MF file in a META-INF directory.

For each x.SF file there must be a corresponding signature block file.
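
The filename constraints above can be checked before any signature is evaluated. The following is an added example, not code from the CDSA specification: the function name check_meta_inf and the sample listings are hypothetical, and it assumes all names are case-folded before checking (the page's own example, MySig.SF, uses lower case) and that a missing MANIFEST.MF is reported as well as a duplicate.

```python
import re

SIG_EXTS = {"RSA", "DSA", "PGP"}      # signature block types listed above
NAME_RE = re.compile(r"[A-Z0-9_-]+")  # A-Z, 0-9, dash, underscore


def check_meta_inf(filenames):
    """Return the constraint violations found in one META-INF directory listing."""
    problems, manifests = [], []
    signers, sig_blocks = set(), set()
    for name in filenames:
        # Assumption: fold case before checking, so MySig.SF is accepted and
        # MANIFEST.MF / manifest.mf are recognised as the same name.
        base, dot, ext = name.upper().rpartition(".")
        if not dot:                    # no extension at all
            base, ext = ext, ""
        if not NAME_RE.fullmatch(base) or (ext and not NAME_RE.fullmatch(ext)):
            problems.append(f"{name}: characters outside A-Z 0-9 - _")
        if len(base) > 8:
            problems.append(f"{name}: base filename longer than eight characters")
        if (base, ext) == ("MANIFEST", "MF"):
            manifests.append(name)
        elif ext == "SF":
            signers.add(base)
        elif ext in SIG_EXTS:
            sig_blocks.add(base)
    # Assumption: a missing MANIFEST.MF is reported too, not only a duplicate.
    if len(manifests) != 1:
        problems.append(f"expected exactly one MANIFEST.MF, found {len(manifests)}")
    for base in sorted(signers - sig_blocks):
        problems.append(f"{base}.SF: no signature block file (.RSA/.DSA/.PGP)")
    for base in sorted(sig_blocks - signers):
        problems.append(f"{base}: signature block without a matching .SF file")
    return problems


# Constructed sample listings (not taken from the specification).
GOOD = ["MANIFEST.MF", "MySig.SF", "MySig.RSA"]
BAD = ["MANIFEST.MF", "manifest.mf", "LongSignerName.SF", "Vendor.SF", "Other.DSA"]

if __name__ == "__main__":
    for listing in (GOOD, BAD):
        print(listing, "->", check_meta_inf(listing) or "ok")
```

A verifier would run a check of this kind on the directory listing, or on the member names of an .ESW archive, and refuse to continue when the returned list is not empty.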

Before parsing:

Headers:

Versions:

Ordering:

Line length:

Errors:

Limitations:

Algorithms:

