3.1.5.1.1.3 Processing Details

The server MUST perform the following steps after receiving RollTransportKey.

  • Validate the HealthCertificate in an implementation-specific manner and return an error “HealthCertificateException” if validation fails.

  • Validate that the IngressProtector is in a valid XML format and return the error “InvalidProtectorException” if validation fails.

  • Validate the following in the IngressProtector in an implementation-specific manner and return the error “InvalidProtectorException” if validation fails:

    • WrappingId in GuardianSignature points to a valid wrapping.

    • Signature fields in GuardianSignature and TransportKeySignature have valid values.

  • Validate that each Wrapping in the Wrappings field of IngressProtector is properly constructed and signed, as follows, and return the error “InvalidWrappingException” if validation fails:

    • SigningCertificate and EncryptionCertificate are valid X.509 certificates.

    • ParentWrappingId in SigningCertificateSignature points to a valid wrapping in the protector, or to the current Wrapping if it is the owner.

    • Current Wrapping chains up to the owner of the protector.

    • Signature in SigningCertificateSignature is created using the SigningCertificate of the parent wrapping.

    • Signature in EncryptionCertificateSignature is created using the SigningCertificate of the current wrapping.

  • Verify that Protector has a wrapping for the KPS, process the IngressProtector and extract the IngressTransportKey, generate EgressTransportKey, and generate an EgressProtector in an implementation-specific manner.

  • Sign the EgressProtector with the private key of the KPS’s SigningCertificate, as specified in section 2.2.2.8.

  • Derive the key from the TransportKey of EgressProtector using the KeyDerivationMethod, as specified in section 2.2.2.9, and sign the EgressProtector with that key.

  • Encrypt and sign the TransportKeys of both the IngressProtector and TransportKey in an implementation-specific manner.

The server MUST return the EgressProtector and EncryptedTransportKeys to the calling application.
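The Wrapping checks above (ParentWrappingId resolves to a wrapping in the protector or to the owner itself, and every Wrapping chains up to the owner) are the part of this procedure most often implemented incorrectly, since a dangling or circular ParentWrappingId must be rejected rather than looped on. The following is an added example, not code from the MS-KPS specification; the Wrapping record layout, the owner_id parameter and the exception class are assumptions, and certificate signature verification is left out.

```python
# Added example (not part of MS-KPS): structural validation of the Wrappings in an
# IngressProtector. Signature checks over the X.509 certificates are not modelled here.
from dataclasses import dataclass


class InvalidWrappingException(Exception):
    """Raised when a Wrapping is not properly constructed (assumed name)."""


@dataclass(frozen=True)
class Wrapping:
    wrapping_id: str          # assumed field layout for this example
    parent_wrapping_id: str   # ParentWrappingId from SigningCertificateSignature


def validate_wrapping_chain(wrappings, owner_id):
    """Return {wrapping_id: [ids from that wrapping up to the owner]}.

    Raises InvalidWrappingException on a duplicate id, an owner that is not
    self-parented, a ParentWrappingId that points outside the protector, or a
    cycle that never reaches the owner.
    """
    by_id = {w.wrapping_id: w for w in wrappings}
    if len(by_id) != len(wrappings):
        raise InvalidWrappingException("duplicate WrappingId in protector")
    owner = by_id.get(owner_id)
    if owner is None or owner.parent_wrapping_id != owner_id:
        raise InvalidWrappingException("owner wrapping missing or not self-parented")
    chains = {}
    for w in wrappings:
        seen = []
        cur = w
        while cur.wrapping_id != owner_id:
            if cur.wrapping_id in seen:  # revisiting a node means a cycle without owner
                raise InvalidWrappingException(f"cycle at {cur.wrapping_id}")
            seen.append(cur.wrapping_id)
            parent = by_id.get(cur.parent_wrapping_id)
            if parent is None:  # ParentWrappingId does not point to a valid wrapping
                raise InvalidWrappingException(f"dangling parent {cur.parent_wrapping_id}")
            cur = parent
        chains[w.wrapping_id] = seen + [owner_id]
    return chains


def chain_is_valid(wrappings, owner_id):
    """Boolean convenience wrapper around validate_wrapping_chain."""
    try:
        validate_wrapping_chain(wrappings, owner_id)
        return True
    except InvalidWrappingException:
        return False
```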