DDEX Standard

Skip to end of metadata
Go to start of metadata

5.6.1 Overview

Determining the authenticity of a RIN File – and thus being able to judge the reliability of the contained data – is a crucial element of handling RIN Files. This can be achieved by identifying the device or software application that was used to generate a RIN File, the user that triggered the generation of the RIN File, on whose behalf the RIN File was generated, and by digitally signing a RIN File.

The process of signing a RIN File is in accordance with IETF RfC 3275 (XML-Signature Syntax and Processing):

Before signing a RIN File, the RIN Processor needs to be in possession of the private key of the signing entity. Before evaluating the signature of a RIN File, the RIN Processor needs to be in possession of the public key of the signing entity. The process by which these keys are generated and distributed/shared is out of scope for this standard.

5.6.2 Signing

The process of digitally signing a RIN File is as follows:

  1. The RIN Processor to generate the RIN File shall assemble the RIN File – with the exception of the Signature composite in the MessageHeader – and, typically, save it to a permanent storage medium;
  2. The RIN Processor shall calculate a hash sum over the saved RIN File;
  3. This hash sum shall then be encrypted using the private key of the signing entity;
  4. The Signature composite in the MessageHeader shall then be compiled and be added into the RIN File, which then can be stored and shared.

5.6.3 Evaluating a Signature

The process of digitally evaluating a signed RIN File is as follows:

  1. The RIN Processor to evaluate the signature of a RIN File shall open the RIN File and remove the Signature composite from the MessageHeader;
  2. The RIN Processor shall then decrypt the Signature element from the Signature composite using the public key of the entity listed as being the generator of the RIN File, using the algorithm indicated in the Signature composite from the MessageHeader;
  3. The RIN Processor shall also generate a hash sum of the RIN File without the Signature composite from the MessageHeader, using the algorithm indicated in the Signature composite from the MessageHeader;
  4. The RIN Processor shall then compare the decrypted signature with the calculated hash sum:
    1. If they are the same, the entity listed as being the generator of the RIN File can be deemed to have generated the RIN File
    2. If they are not the same, the entity listed as being the generator of the RIN File cannot be deemed to have generated the RIN File

 

  • No labels