Digital Signature
As well as the elements described above, an Instruction Definition XML file will typically include a Digital Signature. This signature provides a mechanism to verify the source and integrity of the file.
Digital Signatures and Licensing
Licenses issued by 1E for Tachyon contain restrictions on the Instruction Definitions which can be imported (based on the name of the Instruction Definition, and who has signed it).
Instruction Definition XML files are signed in accordance with the standard defined by the World Wide Web Consortium. The details of the signing mechanism are beyond the scope of this document, but in summary:
- The XML document contains an additional <Signature> element underneath the root <InstructionDefinition> element
- The <Signature> element contains a number of child elements, which include a Digest Value, a Signature Value, and a base-64 encoded representation of the X509 certificate used to sign the document
- Modifying or invalidating the content of the Digital Signature will effectively render the XML file unsigned. If this happens, the Instruction Definition XML file cannot be imported into Tachyon.
The signing certificate is not required to issue instructions. The system saves only the thumbprint, in the InstructionDefinition.Thumbprint field in the database, and uses this thumbprint along with the instruction definition name and payload to create a checksum (the InstructionDefinition.Checksum field in the database). The checksum is used to prevent an instruction definition from being tampered with directly in the database after it has been imported, and it is verified each time an instruction is issued based on that definition.
The signing certificate is required in the Trusted Publishers certificate store on the server only so that an Instruction administrator can import instructions.
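As an added example (not code from 1E or from the original page), the following pre-import check reads the <Signature> element described above and computes the thumbprint of the embedded certificate, so it can be compared with what is in Trusted Publishers. It assumes the standard W3C XML Signature namespace and element names; the sample XML and certificate bytes are constructed placeholders, and the code does not verify the signature cryptographically.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # W3C XML Signature namespace

def b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample values: placeholders, not a real certificate or signature.
FAKE_CERT_DER = b"constructed-placeholder-certificate-bytes"
DIGEST_B64 = b64(b"constructed-digest")
SAMPLE_SIGNED = f"""<InstructionDefinition>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="">
      <DigestValue>{DIGEST_B64}</DigestValue>
    </Reference></SignedInfo>
    <SignatureValue>{b64(b'constructed-signature')}</SignatureValue>
    <KeyInfo><X509Data>
      <X509Certificate>{b64(FAKE_CERT_DER)}</X509Certificate>
    </X509Data></KeyInfo>
  </Signature>
</InstructionDefinition>"""
SAMPLE_UNSIGNED = "<InstructionDefinition></InstructionDefinition>"

def thumbprint(cert_der):
    """SHA-1 of the DER bytes, upper-case hex, as Windows certificate stores show it."""
    return hashlib.sha1(cert_der).hexdigest().upper()

def inspect_signature(xml_text):
    """Return the signature fields of an Instruction Definition, or None if unsigned."""
    if "<!DOCTYPE" in xml_text.upper():  # file is untrusted: refuse DTDs and entities
        raise ValueError("DOCTYPE is not allowed")
    root = ET.fromstring(xml_text)
    if root.tag.rsplit("}", 1)[-1] != "InstructionDefinition":
        raise ValueError("root element is not <InstructionDefinition>")
    sig = root.find(DSIG + "Signature")  # direct child of the root only
    if sig is None:
        return None
    fields = {}
    for key, tag in (("digest_value", "DigestValue"),
                     ("signature_value", "SignatureValue"),
                     ("certificate", "X509Certificate")):
        value = (sig.findtext(f".//{DSIG}{tag}") or "").strip()
        if not value:
            raise ValueError(f"<Signature> has no {tag}")
        fields[key] = value
    fields["thumbprint"] = thumbprint(base64.b64decode(fields.pop("certificate")))
    return fields
```

A return value of None means the file carries no signature at all; a ValueError means the <Signature> element is present but incomplete.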