# Data Signing Service

`IDataSigningService` in assembly SanteDB.Core.Api version 3.0.1980.0

## Summary

Contract for services which can sign data using configured digital signature algorithms.

### Description

Implementers of this service contract are responsible for computing and validating digital signatures over arbitrary data streams. They are also responsible for maintaining (or acquiring) a master list of keys which can be used for signing data and validating digital signatures.

Implementers should also use the [IDataSigningCertificateManagerService](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IDataSigningCertificateManagerService.htm) to support key identifiers that are indicated as secure application/device identifiers.

## Operations

| Operation                 | Response/Return   | Input/Parameter                                                                                                                                      | Description                                               |
| ------------------------- | ----------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- |
| GetNamedSignatureSettings | SignatureSettings | *String* **systemKeyId**                                                                                                                             | Get the signature algorithm for the system configured key |
| GetSignatureSettings      | SignatureSettings | <p><em>Byte\[]</em> <strong>certificateThumbprint</strong><br><em>SignatureAlgorithm</em> <strong>signatureAlgorithm</strong></p>                    | Get the signature algorithm for the configured thumbprint |
| SignData                  | Byte\[]           | <p><em>Byte\[]</em> <strong>data</strong><br><em>String</em> <strong>systemKeyId</strong></p>                                                        | Sign with the configured system key                       |
| SignData                  | Byte\[]           | <p><em>Byte\[]</em> <strong>data</strong><br><em>SignatureSettings</em> <strong>settings</strong></p>                                                | Sign with the configured system key                       |
| Verify                    | Boolean           | <p><em>Byte\[]</em> <strong>data</strong><br><em>Byte\[]</em> <strong>signature</strong><br><em>String</em> <strong>systemKeyId</strong></p>         | Verifies the digital signature of the data                |
| Verify                    | Boolean           | <p><em>Byte\[]</em> <strong>data</strong><br><em>Byte\[]</em> <strong>signature</strong><br><em>SignatureSettings</em> <strong>settings</strong></p> | Verifies the digital signature of the data                |

## Implementations

### DefaultDataSigningService - (SanteDB.Core.Api)

Default data signing service

#### Description

This digital signature service uses the keys configured in the [SecurityConfigurationSection](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Configuration_SecurityConfigurationSection.htm) to sign data based on the type of signature algorithm in the [SecurityConfigurationSection](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Configuration_SecurityConfigurationSection.htm). Supported signature algorithms are:

* HMAC256 (HMAC + SHA256) using shared secrets
* RS256 (RSA+SHA256) using X.509 certificates (generation of a signature requires private key)
* RS512 (RSA+SHA512)

#### Service Registration

```markup
...
<section xsi:type="ApplicationServiceContextConfigurationSection" threadPoolSize="4">
	<serviceProviders>
		...
		<add type="SanteDB.Core.Security.DefaultDataSigningService, SanteDB.Core.Api, Version=3.0.1980.0, Culture=neutral, PublicKeyToken=null" />
		...
	</serviceProviders>
</section>
```

## Example Implementation

```csharp
// Example implementation
using System;
using SanteDB.Core.Security.Services;
// Other usings here
public class MyDataSigningService : SanteDB.Core.Security.Services.IDataSigningService { 
	public String ServiceName => "My own IDataSigningService service";
	/// <summary>
	/// Get the signature algorithm for the system configured key
	/// </summary>
	public SignatureSettings GetNamedSignatureSettings(String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Get the signature algorithm for the configured thumbprint
	/// </summary>
	public SignatureSettings GetSignatureSettings(Byte[] certificateThumbprint,SignatureAlgorithm signatureAlgorithm){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Sign with the configured system key
	/// </summary>
	public Byte[] SignData(Byte[] data,String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Sign with the configured system key
	/// </summary>
	public Byte[] SignData(Byte[] data,SignatureSettings settings){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Verifies the digital signature of the data
	/// </summary>
	public Boolean Verify(Byte[] data,Byte[] signature,String systemKeyId){
		throw new System.NotImplementedException();
	}
	/// <summary>
	/// Verifies the digital signature of the data
	/// </summary>
	public Boolean Verify(Byte[] data,Byte[] signature,SignatureSettings settings){
		throw new System.NotImplementedException();
	}
}
```
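
The stubs above leave the signing logic open. As an added example (not SanteDB code and not how `DefaultDataSigningService` is written), the following shows sign and verify for the three algorithms listed for the default service using .NET's `System.Security.Cryptography`. `DemoAlgorithm`, `DemoSigner`, the in-memory keys and the payload are hypothetical and constructed for illustration, and .NET 6 or later is assumed.

```csharp
// Added example, not SanteDB code. DemoAlgorithm and DemoSigner are hypothetical names.
using System;
using System.Security.Cryptography;
using System.Text;

public enum DemoAlgorithm { HMAC256, RS256, RS512 }

public static class DemoSigner
{
    // HMAC uses the shared secret; RSA signing requires the private key.
    public static byte[] Sign(byte[] data, DemoAlgorithm alg, byte[] secret, RSA rsa)
    {
        switch (alg)
        {
            case DemoAlgorithm.HMAC256:
                using (var hmac = new HMACSHA256(secret)) return hmac.ComputeHash(data);
            case DemoAlgorithm.RS256:
                return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            case DemoAlgorithm.RS512:
                return rsa.SignData(data, HashAlgorithmName.SHA512, RSASignaturePadding.Pkcs1);
            default:
                throw new NotSupportedException(alg.ToString());
        }
    }

    // The algorithm comes from the verifier's own configuration, never from the message.
    public static bool Verify(byte[] data, byte[] signature, DemoAlgorithm alg, byte[] secret, RSA rsa)
    {
        if (signature == null) return false;
        if (alg != DemoAlgorithm.HMAC256)
        {
            var hash = alg == DemoAlgorithm.RS256 ? HashAlgorithmName.SHA256 : HashAlgorithmName.SHA512;
            return rsa.VerifyData(data, signature, hash, RSASignaturePadding.Pkcs1);
        }
        using (var hmac = new HMACSHA256(secret))
            // Constant-time comparison so timing does not reveal how many bytes matched.
            return CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(data), signature);
    }

    public static void Main()
    {
        var data = Encoding.UTF8.GetBytes("constructed sample payload");
        var secret = RandomNumberGenerator.GetBytes(32);   // constructed shared secret
        using (var rsa = RSA.Create(2048))                  // constructed in-memory key pair
            foreach (DemoAlgorithm alg in Enum.GetValues(typeof(DemoAlgorithm)))
            {
                var sig = Sign(data, alg, secret, rsa);
                var tampered = (byte[])data.Clone();
                tampered[0] ^= 0x01;                        // flip one bit of the payload
                Console.WriteLine($"{alg}: valid={Verify(data, sig, alg, secret, rsa)} tampered={Verify(tampered, sig, alg, secret, rsa)}");
            }
    }
}
```

In a real implementation the RSA key would come from the configured X.509 certificate (`GetRSAPrivateKey()` to sign, `GetRSAPublicKey()` to verify) rather than from `RSA.Create`.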

## References

* [IDataSigningService C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_Services_IDataSigningService.htm)
* [DefaultDataSigningService C# Documentation](http://santesuite.org/assets/doc/net/html/T_SanteDB_Core_Security_DefaultDataSigningService.htm)


