Previous section.

Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

Signed Manifests-Verifying Signatures

Validating the integrity of a referent object is a two-step process. The first step is to validate the integrity of the manifest itself. Step two checks the integrity of the particular referent.

Verifying the Manifest

The procedure for verifying the signer's information is:

  1. Select the signer to be verified

  2. Compute the digest of the corresponding signer's information using the digest algorithm indicated in the signature block file

  3. Compare computed digest against digest in the signature block

If the digest values match, the next step is to validate the integrity of the manifest sections as defined by signer's information. The procedure for verifying the manifest sections is:

  1. For each signature section in the signer's information:

If the digest values match, the final step is to validate the integrity of the referents listed in the manifest sections.

Verifying Referents in the Manifest

Once the manifest has been successfully verified, individual referents in the manifest can be verified. The verification process requires the use of values provided in the manifest. If the MAGIC token appears in the manifest section, the verifier must interpret and correctly act upon the MAGIC value. If the value UsesMetaData is specified, the verifier must check for one or more Integrity tokens as metadata statements. If this token appears, the digest must be calculated according to the instructions provided by the Integrity token. Verification is completed by computing the digest of the referent (as controlled by the metadata) and comparing the result to the value recorded in the manifest section.
Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.
You should also read the legal notice explaining the terms and conditions relating to the CDSA documentation.

Contents Next section Index