ISO 10303-21:2016(E)

14 Signature sections

14.1 Signature section structure

The syntax of the signature section is prescribed in Table 3. The signature section is optional. If a signature section is included in the exchange structure then it shall be given after the content that is being verified by that signature. There may be multiple signature sections. Each section shall begin with the special token "SIGNATURE;" and shall terminate with the special token "ENDSEC;".

Each signature shall verify the content that precedes the "SIGNATURE;" token including any previously defined signatures.

The signature shall be structured as defined by the Cryptographic Message Syntax (CMS) for a signature with external content. See clause 3.1.7.6 for the definition of the CMS.

NOTE 1      External because the data is included in the sections above the signature and not embedded into the signature.

When computing the message_digest for the CMS, an implementation shall only include the characters in the alphabet defined in Table 1. See clause 3.1.7.7 for the definition of the message_digest.

The CMS structure shall be written into the exchange structure using the base64 encoding. See clause 3.1.7.5 for the definition of base64.

EXAMPLE      Three lines of a signature:


SIGNATURE;
MIIGpgYJKoZIhvcNAQcCoIIGlzCCBpMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
DQEHAaCCA9cwggPTMIICu6ADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHoxEzARBgoJ
kiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZFglzdGVwdG9vbHMxFzAVBgNV
...
ENDSEC;

NOTE 2      The content of the signature is as described in RFC 5652 Section 5. The encoding of the signature is as described in RFC 4648 Section 4.

NOTE 3      As per Table 3, the first signature is given after the "ISO-10303-21;" token and the rest follow each one verifying all the data in the alphabet that precedes the "S" character in the SIGNATURE token.

© ISO 2016 — All rights reserved