Digital Signing guidelines - NatWest
5.3 Signature Validation

There are two well-known methods for checking the validity of the digital signature, i.e. for checking whether the certificate has been revoked. These are:

- Online Certificate Status Protocol (OCSP)
  This allows the revocation status of a certificate to be determined at the time the file is received.
- Certificate Revocation List (CRL)
  This is a list of all certificates that have been revoked. It will need to be refreshed at ‘regular’ intervals (e.g. 24 hours). This approach is not perfect, as the certificate could have been revoked between the last time the list was published and the time a file is received from NatWest.
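
One way to handle the CRL gap described above is to treat "not on the list" as provisional until a list published after the file arrived confirms it. This is an added example, not part of the NatWest guidelines: the function names, the use of 24 hours as a hard limit, the policy of accepting a certificate revoked only after receipt, and the sample data are all assumptions, and parsing and verifying a real CRL is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: the "e.g. 24 hours" refresh interval is used as a hard limit.
MAX_CRL_AGE = timedelta(hours=24)

@dataclass(frozen=True)
class CrlSnapshot:
    this_update: datetime         # when the issuer published this list
    revoked: dict[int, datetime]  # certificate serial -> revocation time

def revocation_verdict(serial, received_at, crl):
    """Classify a signed file by what this CRL can prove about the signer."""
    revoked_at = crl.revoked.get(serial)
    if revoked_at is not None and revoked_at <= received_at:
        return "reject"       # revoked before the file arrived
    if crl.this_update >= received_at:
        return "accept"       # list was published after the file arrived
    if received_at - crl.this_update > MAX_CRL_AGE:
        return "hold"         # list too old to rely on; refresh it first
    return "provisional"      # unlisted, but the list predates the file

def recheck_pending(pending, crl):
    """Re-run the check for provisional or held files against a newer CRL."""
    return {name: revocation_verdict(serial, received_at, crl)
            for name, (serial, received_at) in pending.items()}

# Constructed sample data (not real serial numbers, file names or timestamps).
UTC = timezone.utc
SIGNER = 0x1A2B
RECEIVED = datetime(2024, 3, 1, 15, 0, tzinfo=UTC)
OLD_CRL = CrlSnapshot(datetime(2024, 3, 1, 0, 0, tzinfo=UTC), {})
NEW_CRL = CrlSnapshot(datetime(2024, 3, 2, 0, 0, tzinfo=UTC),
                      {SIGNER: datetime(2024, 3, 1, 9, 0, tzinfo=UTC)})

if __name__ == "__main__":
    print(revocation_verdict(SIGNER, RECEIVED, OLD_CRL))
    print(recheck_pending({"payments.xml": (SIGNER, RECEIVED)}, NEW_CRL))
```

Files that come back "provisional" or "hold" are kept out of final processing until `recheck_pending` is run against the next published list.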

Customers using an HSM solution may find that their supplier provides software with the ability to validate signatures applied to files.

The customer’s system must extract the signature from the file in order to:

- check the signature is valid
- check the file has been supplied by NatWest
- separate the main file content from the signature for onward processing