File Information
Library: OSP/BundleSign
Package: BundleSign
Header: Poco/OSP/BundleSign/BundleSigner.h
Description
The BundleSigner class is used to sign an existing bundle, using a digital signature algorithm based on the RSA and SHA1/SHA2 message digest algorithms.
A signed bundle contains two additional files:
- META-INF/<signer>.sf contains message digests (SHA1 or SHA2) for every file stored in the bundle. See the SignatureFile class for a description of the file format.
- META-INF/<signer>.rsa contains a cryptographic signature, based on the RSA algorithm and the SHA1/SHA2 digest algorithm, of the signature file. Optionally, this file also contains the X509 certificate of the signer in PEM format. The public key contained in this certificate can be used to verify the integrity of the signed bundle.
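The following is an added, stand-alone Python model of the digest-file stage described above and of the integrity check a verifier performs against it; it is not POCO code. The "<algorithm> <hexdigest> <path>" line format and the "acme" signer name are constructed simplifications (POCO's real layout is defined by the SignatureFile class), and the RSA signature over the .sf file that BundleSigner writes to META-INF/<signer>.rsa is not reproduced here.

```python
import hashlib
import os
import tempfile
# hashlib names for the digest algorithms the three-argument constructor accepts
DIGESTS = {n: n.lower() for n in ("SHA1", "SHA224", "SHA256", "SHA384", "SHA512")}

def bundle_files(bundle_dir):
    """Sorted relative paths of every file in the bundle except META-INF/."""
    rels = (os.path.relpath(os.path.join(root, name), bundle_dir).replace(os.sep, "/")
            for root, _, files in os.walk(bundle_dir) for name in files)
    return sorted(rel for rel in rels if not rel.startswith("META-INF/"))

def file_digest(bundle_dir, rel, algorithm):
    with open(os.path.join(bundle_dir, rel), "rb") as f:
        return hashlib.new(DIGESTS[algorithm], f.read()).hexdigest()

def write_sf(bundle_dir, signer, algorithm="SHA256"):
    """Write META-INF/<signer>.sf with one '<alg> <hexdigest> <path>' line per file."""
    os.makedirs(os.path.join(bundle_dir, "META-INF"), exist_ok=True)
    sf_path = os.path.join(bundle_dir, "META-INF", signer + ".sf")
    with open(sf_path, "w") as f:
        for rel in bundle_files(bundle_dir):
            f.write("%s %s %s\n" % (algorithm, file_digest(bundle_dir, rel, algorithm), rel))
    return sf_path

def check_sf(bundle_dir, sf_path):
    """Return (modified, missing, unlisted) files compared with the .sf contents."""
    with open(sf_path) as f:
        listed = {rel: (alg, d) for alg, d, rel in
                  (line.rstrip("\n").split(" ", 2) for line in f)}
    present = set(bundle_files(bundle_dir))
    modified = [rel for rel, (alg, d) in sorted(listed.items())
                if rel in present and file_digest(bundle_dir, rel, alg) != d]
    return modified, sorted(set(listed) - present), sorted(present - set(listed))

def put(bundle_dir, rel, data):
    with open(os.path.join(bundle_dir, rel), "wb") as f:
        f.write(data)

def demo():
    """Sign a constructed bundle, tamper with it, return (clean, tampered) results."""
    d = tempfile.mkdtemp()
    put(d, "extension.xml", b"<extensions/>\n")
    put(d, "libfoo.so", b"\x7fELF")
    sf = write_sf(d, "acme", "SHA256")
    clean = check_sf(d, sf)                   # nothing to report on the untouched bundle
    put(d, "libfoo.so", b"\x7fELF-tampered")  # content changed after signing
    os.remove(os.path.join(d, "extension.xml"))  # listed file removed
    put(d, "extra.so", b"new")                # file the .sf never covered
    return clean, check_sf(d, sf)
```

Note that a per-file digest list only protects files it lists; the check therefore also compares the set of files present with the set listed, so that removed and added files are reported alongside modified ones.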
Member Summary
Member Functions: signBundle, signBundleDirectory, signBundleFile, writeDSAFile
Constructors
BundleSigner
BundleSigner(
const std::string & signer,
const Poco::Crypto::RSAKey & rsaKey
);
Creates a BundleSigner for signing bundles using the given RSA private/public key pair and the SHA1 digest algorithm.
This constructor is provided for backwards compatibility only. New code should use the three-argument constructor accepting the name of a digest algorithm and specify a stronger digest algorithm.
BundleSigner
BundleSigner(
const std::string & signer,
const Poco::Crypto::RSAKey & rsaKey,
const std::string & digestAlgorithm
);
Creates a BundleSigner for signing bundles using the given RSA private/public key pair and digest algorithm, which should be one of:
- "SHA1" (for backwards compatibility, no longer recommended)
- "SHA256" (SHA2-256, recommended)
- "SHA224" (SHA2-224)
- "SHA384" (SHA2-384)
- "SHA512" (SHA2-512)
Note: it is actually possible to specify any of the digest algorithms supported by the Poco::Crypto::DigestEngine class. However, the BundleVerifier class only supports the listed SHA1 and SHA2 algorithms.
Destructor
~BundleSigner
~BundleSigner();
Destroys the BundleSigner.
Member Functions
signBundle
void signBundle(
const std::string & bundlePath
);
Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.
This method first computes the cryptographic hashes (SHA1) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").
signBundle
void signBundle(
const std::string & bundlePath,
const Poco::Crypto::X509Certificate & certificate
);
Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.
This method first computes the cryptographic hashes (SHA1 or SHA256) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").
The given certificate is included in the digital signature file.
signBundle
void signBundle(
const std::string & bundlePath,
const Poco::Crypto::X509Certificate * pCert
);
signBundleDirectory
void signBundleDirectory(
const std::string & bundlePath,
const std::string & sfPath,
const std::string & rsaPath
);
signBundleFile
void signBundleFile(
const std::string & bundlePath,
const std::string & sfPath,
const std::string & rsaPath
);
writeDSAFile
void writeDSAFile(
std::ostream & ostr,
const std::string & dsaSignature,
const Poco::Crypto::X509Certificate * pCert
);
Variables
SHA1
static const std::string SHA1;
SHA224
static const std::string SHA224;
SHA256
static const std::string SHA256;
SHA384
static const std::string SHA384;
SHA512
static const std::string SHA512;