Data Signing Service

IDataSigningService in assembly SanteDB.Core.Api version 3.0.1980.0

Summary

Contract for services which can sign data using configured digital signature algorithms

Description

Implementers of this service contract are responsible for computing and validating digital signatures against arbitrary data streams. Implementers of this service are responsible for maintaining (or acquiring) a master list of keys which can be used for data signing, and validating digital signatures.

Implementers should also use the IDataSigningCertificateManagerService to support key identifiers which are indicated as a secure application/device identifier

Operations

OperationResponse/ReturnInput/ParameterDescription

GetNamedSignatureSettings

SignatureSettings

String systemKeyId

Get the siganture algorithm for the system configured key

GetSignatureSettings

SignatureSettings

Byte[] certificateThumbprint SignatureAlgorithm signatureAlgorithm

Get the signature algorithm for the configured thumbprint

SignData

Byte[]

Byte[] data String systemKeyId

Sign with the configured system key

SignData

Byte[]

Byte[] data SignatureSettings settings

Sign with the configured system key

Verify

Boolean

Byte[] data Byte[] signature String systemKeyId

Verifies the digital signature of the data

Verify

Boolean

Byte[] data Byte[] signature SignatureSettings settings

Verifies the digital signature of the data

Implementations

DefaultDataSigningService - (SanteDB.Core.Api)

Default data signing service

Description

This digital signature service uses the keys configured in the SecurityConfigurationSection to sign data based on the type of signature algorithm in the SecurityConfigurationSection. Supported signature algorithms are:

  • HMAC256 (HMAC + SHA256) using shared secrets

  • RS256 (RSA+SHA256) using X.509 certificates (generation of a signature requires private key)

  • RS512 (RSA+SHA512)

Service Registration

...
<section xsi:type="ApplicationServiceContextConfigurationSection" threadPoolSize="4">
	<serviceProviders>
		...
		<add type="SanteDB.Core.Security.DefaultDataSigningService, SanteDB.Core.Api, Version=3.0.1980.0, Culture=neutral, PublicKeyToken=null" />
		...
	</serviceProviders>

Example Implementation

/// Example Implementation
using SanteDB.Core.Security.Services;
/// Other usings here
public class MyDataSigningService : SanteDB.Core.Security.Services.IDataSigningService { 
	public String ServiceName => "My own IDataSigningService service";
	/// <summary>
	/// Get the siganture algorithm for the system configured key
	/// </summary>
	public SignatureSettings GetNamedSignatureSettings(String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Get the signature algorithm for the configured thumbprint
	/// </summary>
	public SignatureSettings GetSignatureSettings(Byte[] certificateThumbprint,SignatureAlgorithm signatureAlgorithm){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Sign  with the configured system key
	/// </summary>
	public Byte[] SignData(Byte[] data,String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Sign  with the configured system key
	/// </summary>
	public Byte[] SignData(Byte[] data,SignatureSettings settings){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Verifies the digital signature of the data
	/// </summary>
	public Boolean Verify(Byte[] data,Byte[] signature,String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Verifies the digital signature of the data
	/// </summary>
	public Boolean Verify(Byte[] data,Byte[] signature,SignatureSettings settings){
		throw new System.NotImplementedException();
	}
}

References

PreviousData Privacy Enforcement ProviderNextdCDR Subscription Definition Provider

Last updated