Library: OSP/BundleSign
Package: BundleSign
Header: Poco/OSP/BundleSign/BundleSigner.h
Description
The BundleSigner class is used to sign an existing bundle, using a digital signature algorithm based on the RSA and SHA1 message digest algorithms.
A signed bundle contains two additional files:
- META-INF/<signer>.sf contains message digests (SHA1) for every file stored in the bundle. See the SignatureFile class for a description of the file format.
- META-INF/<signer>.rsa contains a cryptographic signature, based on the RSA algorithm and the SHA1 digest algorithm, of the signature file. Optionally, this file also contains the X509 certificate of the signer in PEM format. The public key contained in this certificate can be used to verify the integrity of the signed bundle.
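The digest layer described above, sketched from the verifying side as an added example (Python, standard library only; not code from the OSP library). The tab-separated manifest format, the rule that META-INF/*.sf and *.rsa entries are not digested, and all function names and sample data are assumptions made for illustration; the RSA signature over the signature file is not shown.

```python
import hashlib
import io
import zipfile

def is_signature_file(name):
    """Assumption: META-INF/*.sf and *.rsa are the signature files and are not digested."""
    return name.startswith("META-INF/") and name.lower().endswith((".sf", ".rsa"))

def digest_entries(bundle_bytes):
    """Return {entry name: SHA1 hex digest} for each file in a ZIP bundle."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and not is_signature_file(info.filename):
                digests[info.filename] = hashlib.sha1(zf.read(info)).hexdigest()
    return digests

def build_manifest(digests):
    """Constructed 'name<TAB>sha1' line format; not the real SignatureFile format."""
    return "".join(f"{name}\t{digest}\n" for name, digest in sorted(digests.items()))

def check_bundle(bundle_bytes, manifest_text):
    """Return (problem, name) pairs, ordered by name, where bundle and manifest disagree."""
    listed = dict(line.rsplit("\t", 1) for line in manifest_text.splitlines() if line)
    actual = digest_entries(bundle_bytes)
    problems = []
    for name in sorted(listed.keys() | actual.keys()):
        if name not in actual:
            problems.append(("missing", name))    # file removed after signing
        elif name not in listed:
            problems.append(("unlisted", name))   # file added after signing
        elif listed[name] != actual[name]:
            problems.append(("modified", name))   # content changed after signing
    return problems

def make_bundle(files):
    """Build an in-memory ZIP bundle from {name: bytes} (helper for the sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: a two-file bundle and a tampered copy of it.
ORIGINAL = {"META-INF/manifest.mf": b"Bundle-Name: demo\n", "bin/demo.so": b"\x7fELF-demo"}
SIGNED = make_bundle(ORIGINAL)
MANIFEST = build_manifest(digest_entries(SIGNED))
TAMPERED = make_bundle({**ORIGINAL, "bin/demo.so": b"\x7fELF-evil", "bin/extra.so": b"x"})
```

The digest comparison is only meaningful once the RSA signature over the signature file has been verified, because an unsigned manifest can be rewritten to match modified files.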
Member Summary
Member Functions: signBundle, signBundleDirectory, signBundleFile, writeDSAFile
Constructors
BundleSigner
BundleSigner(
const std::string & signer,
const Poco::Crypto::RSAKey & rsaKey
);
Creates a BundleSigner for signing bundles using the given RSA private/public key pair.
Destructor
~BundleSigner
~BundleSigner();
Destroys the BundleSigner.
Member Functions
signBundle
void signBundle(
const std::string & bundlePath
);
Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.
This method first computes the cryptographic hashes (SHA1) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").
signBundle
void signBundle(
const std::string & bundlePath,
const Poco::Crypto::X509Certificate & certificate
);
Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.
This method first computes the cryptographic hashes (SHA1) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").
The given certificate is included in the digital signature file.
signBundle
void signBundle(
const std::string & bundlePath,
const Poco::Crypto::X509Certificate * pCert
);
signBundleDirectory
void signBundleDirectory(
const std::string & bundlePath,
const std::string & sfPath,
const std::string & rsaPath
);
signBundleFile
void signBundleFile(
const std::string & bundlePath,
const std::string & sfPath,
const std::string & rsaPath
);
writeDSAFile
void writeDSAFile(
std::ostream & ostr,
const std::string & dsaSignature,
const Poco::Crypto::X509Certificate * pCert
);