Poco::OSP::BundleSign

class BundleSigner

Library: OSP/BundleSign
Package: BundleSign
Header: Poco/OSP/BundleSign/BundleSigner.h

Description

The BundleSigner class is used to sign an existing bundle, using a digital signature algorithm based on the RSA and SHA1 message digest algorithms.

A signed bundle contains two additional files:

  • META-INF/<signer>.sf contains message digests (SHA1) for every file stored in the bundle. See the SignatureFile class for a description of the file format.
  • META-INF/<signer>.rsa contains a cryptographic signature, based on the RSA algorithm and the SHA1 digest algorithm, of the signature file. Optionally, this file also contains the X509 certificate of the signer in PEM format. The public key contained in this certificate can be used to verify the integrity of the signed bundle.
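
As an added illustration (not POCO code and not part of the original reference), the Python sketch below shows the digest layer described above and what a verifier has to compare once the RSA signature over the .sf file has been checked. The one-line-per-entry manifest layout, the signer name "example" and the sample entries are assumptions made for this example; the real layout is defined by the SignatureFile class, and the RSA step is left out.

```python
import hashlib
import io
import zipfile

SIGNER = "example"  # constructed signer name
SF_NAME = f"META-INF/{SIGNER}.sf"
RSA_NAME = f"META-INF/{SIGNER}.rsa"


def build_bundle(files):
    """Return the bytes of a ZIP bundle holding the given {name: bytes} entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def digest_entries(bundle):
    """SHA1 hex digest of every entry except the signer's own two files."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        return {
            name: hashlib.sha1(zf.read(name)).hexdigest()
            for name in zf.namelist()
            if name not in (SF_NAME, RSA_NAME) and not name.endswith("/")
        }


def make_signature_file(bundle):
    """Stand-in manifest: one '<sha1>  <name>' line per entry (assumed layout)."""
    digests = digest_entries(bundle)
    return "".join(f"{d}  {n}\n" for n, d in sorted(digests.items()))


def check_bundle(bundle, sf_text):
    """Compare a bundle against a manifest whose signature was already verified."""
    listed = {}
    for line in sf_text.splitlines():
        digest, name = line.split("  ", 1)
        listed[name] = digest
    actual = digest_entries(bundle)
    return {
        "modified": sorted(n for n in listed if n in actual and actual[n] != listed[n]),
        "missing": sorted(n for n in listed if n not in actual),
        "unlisted": sorted(n for n in actual if n not in listed),
    }


# Constructed sample bundle contents.
ORIGINAL = {"META-INF/manifest.mf": b"Bundle-Name: Demo\n", "bin/demo.so": b"\x7fELF-demo"}
SF_TEXT = make_signature_file(build_bundle(ORIGINAL))
```

An entry reported as unlisted is not covered by the signature at all, so a verifier should treat it the same way as a modified one.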

Member Summary

Member Functions: signBundle, signBundleDirectory, signBundleFile, writeDSAFile

Constructors

BundleSigner

BundleSigner(
    const std::string & signer,
    const Poco::Crypto::RSAKey & rsaKey
);

Creates a BundleSigner for signing bundles using the given RSA private/public key pair.

Destructor

~BundleSigner

~BundleSigner();

Destroys the BundleSigner.

Member Functions

signBundle

void signBundle(
    const std::string & bundlePath
);

Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.

This method first computes the cryptographic hashes (SHA1) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").

signBundle

void signBundle(
    const std::string & bundlePath,
    const Poco::Crypto::X509Certificate & certificate
);

Signs the bundle given by path. The given path can either refer to a bundle file (in ZIP file format), or a bundle directory.

This method first computes the cryptographic hashes (SHA1) for all files in the bundle and creates the signature file (named "META-INF/<signer>.sf"). Then, a digital signature is created for the signature file, and stored in the bundle as well ("META-INF/<signer>.rsa").

The given certificate is included in the digital signature file.

signBundle protected

void signBundle(
    const std::string & bundlePath,
    const Poco::Crypto::X509Certificate * pCert
);

signBundleDirectory protected

void signBundleDirectory(
    const std::string & bundlePath,
    const std::string & sfPath,
    const std::string & rsaPath
);

signBundleFile protected

void signBundleFile(
    const std::string & bundlePath,
    const std::string & sfPath,
    const std::string & rsaPath
);

writeDSAFile protected

void writeDSAFile(
    std::ostream & ostr,
    const std::string & dsaSignature,
    const Poco::Crypto::X509Certificate * pCert
);