2.2.9.1.12 SIGNATURE

The SIGNATURE element contains the cryptographic signature of a license or certificate and is appended to the end of each license or certificate. It is computed from the body element of the license or certificate that it is contained in, including the body tags, and follows the format specified by XrML.

The hash SHOULD<4> be a SHA-256 hash of the body. The signature MUST be the hash encrypted with the issuer's private key. The key length MUST be the bit length of the issuer's private key, which MUST match the length of the issuer's public key.

A SIGNATURE element MUST use the following template.

 <SIGNATURE>
    <ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM>
    <DIGEST>
       <ALGORITHM>[[- hashalgorithm -]]</ALGORITHM>
       <PARAMETER name="codingtype">
          <VALUE encoding="string">
             surface-coding
          </VALUE>
       </PARAMETER>
       <VALUE encoding="base64" size="[[- hashsize -]]">
          [[- hash -]]
       </VALUE>
    </DIGEST>
    <VALUE encoding="base64" size="[[- size -]]">
       [[- signature -]]
    </VALUE>
 </SIGNATURE>
  

[[- hashalgorithm -]]: The name of the hash algorithm: SHA-1 or SHA-256.

[[- hashsize -]]: The size of the hash, in bits.

[[- hash -]]: The hash of the body element, base64-encoded.

[[- size -]]: The size, in bits, of the issuer's private key that was used to compute the signature, represented as a string.

[[- signature -]]: The hash of the body element, encrypted with the issuer's private key, base64-encoded.