Digital Signing guidelines - NatWest

More documents

Recommendations

Info

5. Bankline Direct Transmissions All communications from the Bankline Direct service to a customer will be digitally signed using an HSM. In order to receive these signed transmissions from the Bankline Direct service, the customer must check that the signature is one from the Bankline Direct service. The customer will need to extract the data from the file for processing by their systems whether that is an automated or manual process. Please refer to section 5.4 for an example of a signed file. The following sections describe how that will be achieved. 5.1 Setup During the registration process, the customer will be sent certificate details which will enable them to authenticate files received from the Bankline Direct service. The following details will be provided to the customer; Production root.cer Production Sub CA.cer (this is the certificate authority used by the Bankline Direct service) NWBSigner1.cer (this is the certificate used for Natwest customers) In order for the Bankline Direct digital signature to be validated by the customer, the certificates must be loaded into the customer’s HSM module or within any other system being used to check files. Section 5.2 will outline the standards that the Bankline Direct signed files will comply with. 5.2 Integration Transmissions sent by the Bankline Direct service will be signed using an S/MIME standard, with the following options applied. Security Type MIME Type MIME Sub-Type Content Transfer Encoding Apply Content Transfer Encoding on Detached Document Signing Option Signing Algorithm Message Syntax Message Output Format Detached Signed Only Application octet-stream Base64 No Single Signature SHA-1 CMS S/MIME 14
5.3 Signature Validation There are two well known methods for checking the validity of the digital signature, i.e. to check whether the certificate has been revoked. These are; Online Certificate Status Protocol (OCSP) This allows the revocation status of a certificate to be determined at the time the file is received Certificate Revocation List (CRL) This is a list of all certificates that have been revoked. It will need to be refreshed at ‘regular’ intervals (e.g. 24 hours). This approach is not perfect as the certificate could have been revoked between the time a file is received from NatWest and the last time the certificate was published. Customers using an HSM solution may find their supplier provides software with the ability to validate signatures applied to files. The customer’s system must extract the signature from the file in order to; check the signature is valid check the file has been supplied by NatWest separate the main file content from the signature for onward processing 15
Page 1 and 2: Bankline Direct Digital Signature G
Page 3 and 4: Terminology Used For ease of refere
Page 5 and 6: Introduction 1.1 Introduction to Ba
Page 7 and 8: 2. Overview of Digital Signing Solu
Page 9 and 10: Detached Signatures A detached sign
Page 11 and 12: Bankline Direct will use whatever d
Page 13: 4. Use of File Signing 4.1 Typical
Page 17 and 18: 6. Smartcard File Signing 6.1 Smart
Page 19 and 20: 6.2 Setup Instructions The followin
Page 21 and 22: The code extract overleaf shows tha
Page 23 and 24: 7. Hardware Security Module Custome

Digital Signing guidelines - NatWest

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?