
Common Security: CDSA and CSSM, Version 2 (with corrigenda)
Copyright © 2000 The Open Group

Signed Manifests-The Architecture

Signed manifests describe the integrity and authenticity of a collection of digital objects, where the collection is specified as an acyclic connected graph with an arbitrary number of nodes representing arbitrary typed digital objects. Digital signing based on public key infrastructure is the basic integrity mechanism for manifests. The signed manifest is data-type agnostic, allowing referents in the manifest to be other signed manifests or other types of signed objects.

Figure: Signed Manifest Architectural View

The signed manifest is built from the following components:

The relationship of these components is shown in Relationships of Manifest, Signer's Info and Signature Block.


Figure: Relationships of Manifest, Signer's Info and Signature Block

These three objects must be zipped to form a single set of credentials. Multiple implementations of standard zip algorithms interoperate on one or more platforms, hence a zipped, signed manifest retains a substantial degree of interoperability.

The manifest and the signer's information are both written as a series of Name:Value pairs (RFC 822). Binary data of any form is represented in base64. Continuation lines are required when binary data would cause a line to exceed 72 bytes. Examples of binary data are digests and signatures.
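The encoding rules above can be exercised with a small writer and strict reader. This is an added example, not code from the specification. It assumes RFC 822 style folding in which a continuation line begins with a single space, and the attribute names `Name` and `Example-Digest` are hypothetical.

```python
import base64
import hashlib

MAX_LINE = 72  # per-line byte limit stated in the text

def encode_section(pairs):
    """Serialize (name, value) pairs; bytes values become base64, long lines fold."""
    lines = []
    for name, value in pairs:
        if isinstance(value, bytes):
            value = base64.b64encode(value).decode("ascii")
        line = f"{name}: {value}".encode("ascii")
        lines.append(line[:MAX_LINE])
        rest = line[MAX_LINE:]
        while rest:
            # Assumption: a continuation line starts with one space (RFC 822 folding).
            lines.append(b" " + rest[:MAX_LINE - 1])
            rest = rest[MAX_LINE - 1:]
    return b"\r\n".join(lines) + b"\r\n"

def parse_section(data):
    """Parse pairs, joining continuations; malformed lines raise, never skipped."""
    pairs = []
    for raw in data.splitlines():
        if not raw:
            continue
        if len(raw) > MAX_LINE:
            raise ValueError("line exceeds 72 bytes")
        if raw.startswith(b" "):
            if not pairs:
                raise ValueError("continuation without a preceding pair")
            name, value = pairs[-1]
            pairs[-1] = (name, value + raw[1:].decode("ascii"))
            continue
        name, sep, value = raw.decode("ascii").partition(":")
        if not sep or not name:
            raise ValueError("not a Name:Value line")
        pairs.append((name, value.lstrip(" ")))
    return pairs

def binary_value(pairs, name):
    """Return the decoded bytes of a base64 attribute (strict alphabet check)."""
    return base64.b64decode(dict(pairs)[name], validate=True)

# Constructed sample: hypothetical attribute names, digest of a made-up object.
SAMPLE_DIGEST = hashlib.sha512(b"constructed sample object").digest()
SAMPLE = encode_section([("Name", "example/object.bin"), ("Example-Digest", SAMPLE_DIGEST)])

if __name__ == "__main__":
    print(SAMPLE.decode("ascii"), end="")
```

The reader unfolds continuation lines before base64 decoding, so a digest or signature is compared only after the full value has been reassembled.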
