| Excerpt |
|---|
To ensure messages are transmitted, untampered signature based authentication is used. |
...
To authenticate a message a signature is required and a the set of trusted certificates. The former is described in the following section, the later latter is obtained from RepositorySettings as certificates having either an OperationPermission or the InfrastructurePermission MessageSigner. Further restrictions on which component IDs are allowed to use a certificate may be imposed. If a certificate has a non-empty AllowedCertificateUsers list, the components ID must be present in that list for the message to be authenticated.
Components participating in a Bit Repository where RequireMessageAuthentication in RepositorySettings have been set to true is required to:
...
Because messages are exchanged encapsulated in XML, there are two well defined ways to handle signing of the messages. One is XML Signatures, the other - and somewhat simpler - is Cryptographic Message Syntax - also known as PKCS#7. As one of the objectives is to prevent message tampering, there is no need for the granularity of XML Signatures. Therefore Cryptographic Message Syntax - or CMS for short - is chosen for signing and optionally encrypting messages. The identity of the signer is embedded in the public certificate.
The hash algorithm for the generation of the message hash is SHA512. The signing certificate is excluded from the signature to reduce the size.
The message signature is calculated on the message xml interpreted as a utf-8-encoded byte stream and transmitted, base 64-encoded, in the message header org.bitrepository.messages.signature.
Signature generation and verification
...