Digital Signing guidelines - NatWest

More documents

Recommendations

Info

3. S/MIME Digital Signatures S/MIME is the standard used to sign files that are sent to the customer. All payment files must also be signed using S/MIME. Signing of all payment files must adhere to the S/MIME standard regardless of whether Smartcards or HSMs are used to provide the signature. As S/MIME is a complex standard this section is included as a ‘primer’ for customers who have no familiarity or experience with S/MIME. It is not meant to cover all areas of the (S)MIME standard. It is meant only to give a high-level overview of how S/MIME files are constructed, for use with Bankline Direct. 3.1 MIME Bankline Direct requires that digitally signed files are submitted using the S/MIME format. S/MIME is an extension of the MIME standard and is used to describe how to deliver signed and encrypted files. Simply, MIME is formed of the following entities: MIME Header – description of the MIME file contents MIME Boundary – text delimiter to separate entities MIME Part – a MIME file can have one or more MIME parts, each separated by a MIME boundary. Each part will have headers describing the MIME part content MIME Header MIME Boundary Describes the MIME file Text delimiter MIME Part N MIME Part 1 MIME Boundary Text delimiter MIME Part N+1 MIME Part 2 MIME Boundary Text delimiter MIME Part N+2 MIME Part 3 MIME Boundary Text delimiter For files with only one MIME Part, the boundary is not necessary: MIME Header Describes the MIME file MIME Part MIME Part 1 3.2 S/MIME Digital Signatures Digitally signed files can be submitted to Bankline Direct with detached or embedded (opaque) signatures. Bankline only creates files with detached signatures. 8
Detached Signatures A detached signature is where the signature is a separate structure to the signed data. MIME Header MIME Boundary MIME Part 1 Signed Data MIME Boundary MIME Part 2 The digital signature (CMS format) MIME Boundary This can be represented as follows: MIME Header MIME-Version: 1.0{CRLF} Content-Type: multipart/signed; {optional CRLF}{SPACE}protocol=”application/x-pkcs7-signature”; {optional CRLF}{SPACE}micalg=sha1; {optional CRLF}{SPACE}boundary=”{boundary text}”{CRLF} {CRLF} {optional message with CRLF} MIME Boundary --{boundary text}{CRLF} MIME Part 1 Content-Type: {content type/content sub-type}{CRLF} {CRLF} {raw data}{CRLF} MIME Boundary --{boundary text}{CRLF} MIME Part 2 Content-Type:application/x-pkcs7-signature; {optional CRLF}{SPACE}name=”smime.p7s”{CRLF} Content-Transfer-Encoding: base64{CRLF} Content-Disposition: attachment; filename=”smime.p7s”{CRLF} {CRLF} {signature}{CRLF} MIME Boundary --{boundary text}-- 9
Page 1 and 2: Bankline Direct Digital Signature G
Page 3 and 4: Terminology Used For ease of refere
Page 5 and 6: Introduction 1.1 Introduction to Ba
Page 7: 2. Overview of Digital Signing Solu
Page 11 and 12: Bankline Direct will use whatever d
Page 13 and 14: 4. Use of File Signing 4.1 Typical
Page 15 and 16: 5.3 Signature Validation There are
Page 17 and 18: 6. Smartcard File Signing 6.1 Smart
Page 19 and 20: 6.2 Setup Instructions The followin
Page 21 and 22: The code extract overleaf shows tha
Page 23 and 24: 7. Hardware Security Module Custome

Digital Signing guidelines - NatWest

Create successful ePaper yourself

Delete template?

Save as template?