Poco::OSP::BundleSign

class BundleSigner

Library: OSP/BundleSign
Package: BundleSign
Header: Poco/OSP/BundleSign/BundleSigner.h

Description

The BundleSigner class is used to sign an existing bundle, using a digital signature algorithm based on RSA and the SHA1/SHA2 message digest algorithms.

A signed bundle contains two additional files:

  • META-INF/<signer>.sf contains message digests (SHA1 or SHA2) for every file stored in the bundle. See the SignatureFile class for a description of the file format.
  • META-INF/<signer>.rsa contains a cryptographic signature, based on the RSA algorithm and the SHA1/SHA2 digest algorithm, of the signature file. Optionally, this file also contains the X509 certificate of the signer in PEM format. The public key contained in this certificate can be used to verify the integrity of the signed bundle.

Member Summary

Member Functions: signBundle, signBundleDirectory, signBundleFile, writeDSAFile

Constructors

BundleSigner

BundleSigner(
    const std::string & signer,
    const Poco::Crypto::RSAKey & rsaKey
);

Creates a BundleSigner for signing bundles using the given RSA private/public key pair and the SHA1 digest algorithm.

This constructor is provided for backwards compatibility only. New code should use the three-argument constructor accepting the name of a digest algorithm and specify a stronger digest algorithm.

BundleSigner

BundleSigner(
    const std::string & signer,
    const Poco::Crypto::RSAKey & rsaKey,
    const std::string & digestAlgorithm
);

Creates a BundleSigner for signing bundles using the given RSA private/public key pair and digest algorithm, which should be one of:

  • "SHA1" (for backwards compatibility, no longer recommended)
  • "SHA256" (SHA2-256, recommended)
  • "SHA224" (SHA2-224)
  • "SHA384" (SHA2-384)
  • "SHA512" (SHA2-512)

Note: it is actually possible to specify any of the digest algorithms supported by the Poco::Crypto::DigestEngine class. However, the BundleVerifier class only supports the listed SHA1 and SHA2 algorithms.

Destructor

~BundleSigner

~BundleSigner();

Destroys the BundleSigner.

Member Functions

signBundle

void signBundle(
    const std::string & bundlePath
);

Signs the bundle given by bundlePath. The path can refer either to a bundle file (in ZIP file format) or to a bundle directory.

This method first computes the cryptographic hashes of all files in the bundle, using the digest algorithm configured in the constructor (SHA1 for the two-argument constructor), and creates the signature file (named "META-INF/<signer>.sf"). Then a digital signature is created for the signature file and stored in the bundle as well ("META-INF/<signer>.rsa").

signBundle

void signBundle(
    const std::string & bundlePath,
    const Poco::Crypto::X509Certificate & certificate
);

Signs the bundle given by bundlePath. The path can refer either to a bundle file (in ZIP file format) or to a bundle directory.

This method first computes the cryptographic hashes of all files in the bundle, using the digest algorithm configured in the constructor (SHA1 for the two-argument constructor), and creates the signature file (named "META-INF/<signer>.sf"). Then a digital signature is created for the signature file and stored in the bundle as well ("META-INF/<signer>.rsa").

The given certificate is included in the digital signature file, so that a verifier can obtain the signer's public key from the bundle itself.

signBundle protected

void signBundle(
    const std::string & bundlePath,
    const Poco::Crypto::X509Certificate * pCert
);

signBundleDirectory protected

void signBundleDirectory(
    const std::string & bundlePath,
    const std::string & sfPath,
    const std::string & rsaPath
);

signBundleFile protected

void signBundleFile(
    const std::string & bundlePath,
    const std::string & sfPath,
    const std::string & rsaPath
);

writeDSAFile protected

void writeDSAFile(
    std::ostream & ostr,
    const std::string & dsaSignature,
    const Poco::Crypto::X509Certificate * pCert
);

Variables

SHA1 static

static const std::string SHA1;

SHA224 static

static const std::string SHA224;

SHA256 static

static const std::string SHA256;

SHA384 static

static const std::string SHA384;

SHA512 static

static const std::string SHA512;
