SFMS Bank Application Interface Specifications Document ... - IDRBT
SFMS Bank Application Interface specifications Version 3.0

Appendix A – Digital Sign and Verification
For straight-through processing of a message, BankAPI requires Block 5A with UMAC information. This section provides information on message signing and the algorithms required.

SIGNATURE

TCS uses the PKCS#7 specification for digital signatures. This standard describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. Although the PKCS#7 specification defines syntax for signed data, enveloped data, signed and enveloped data, encrypted data, etc., only PKCS#7 Signed Data is used in SFMS. The PKCS#7 data structure is shown below.

PKCS#7 (CONTENT INFO)
Content Type: Indicates the type of content. It is an object identifier, which means it is a unique string of integers assigned by the authority that defines the content type. The value set by TCS is 1.2.840.113549.1.7.2
Content: Content. It consists of Signed-data Content Type

PKCS#7 (SIGNED DATA)
Version: The syntax version number. It shall be 1
DigestAlgorithms: Collection of message-digest algorithm identifiers.
ContentInfo: The content that is signed. The Content Type value set by TCS is 1.2.840.113549.1.7.1 and the Content is "NULL" (detached signature)
Set Of Certificates: TCS sets the Signer Digital Certificate
Set of CRLs: This optional field is not used by TCS
Stack of Signer Info

Algorithm identifier
algorithm ID: Algorithm used to sign certificate. TCS uses either SHA1 or MD5
Parameters: Should not be used.

Signer Info
Version: The syntax version number. It shall be 1
IssuerAndSerialNumber: Specifies the signer's certificate
algorithm ID: Identifies the message-digest algorithm (and any associated parameters) under which the content and authenticated attributes (if present) are digested. TCS uses SHA1 or MD5 algorithm
AuthenticatedAttributes: Set of attributes that are signed (i.e., authenticated) by the signer. TCS sets the following attributes:
  1) A PKCS #9 content-type attribute having as its value the content type of the Content Info value being signed
  2) A PKCS #9 message-digest attribute, having as its value the message digest of the content
  3) The signing-time at which the signer performed the signing process.

Confidential
Uncontrolled when Printed
Page 21 of 24
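
The check below is an added example, not part of the specification or of any TCS/BankAPI code: it reads a DER-encoded PKCS#7 blob with a minimal parser and reports where it departs from the layout described in this appendix (outer content type 1.2.840.113549.1.7.2, version 1, inner content type 1.2.840.113549.1.7.1 with no embedded content, SHA1 or MD5 digest). The function names and the sample bytes are constructed for illustration, and signature and certificate validation are outside its scope.

```python
# Helper names are hypothetical; the two content-type OIDs are the ones stated in the appendix.
SIGNED_DATA, DATA = "1.2.840.113549.1.7.2", "1.2.840.113549.1.7.1"
DIGESTS = {"1.3.14.3.2.26": "SHA1", "1.2.840.113549.2.5": "MD5"}

def tlvs(buf):
    """Yield (tag, value) for each definite-length DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                      # long form: low 7 bits give the size of the length
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def oid(v):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_profile(der):
    """Return (digest names, deviations from the appendix's SignedData layout)."""
    (_, outer), = tlvs(der)
    (_, ctype), (_, wrapped) = tlvs(outer)
    if oid(ctype) != SIGNED_DATA:
        return [], ["outer content type is not signed-data"]
    (_, signed), = tlvs(wrapped)
    (_, version), (_, digest_set), (_, content_info), *_ = tlvs(signed)
    issues = [] if int.from_bytes(version, "big") == 1 else ["version is not 1"]
    digests = [DIGESTS.get(oid(next(tlvs(alg))[1]), "other") for _, alg in tlvs(digest_set)]
    if "other" in digests:
        issues.append("digest algorithm is neither SHA1 nor MD5")
    inner = list(tlvs(content_info))
    if oid(inner[0][1]) != DATA:
        issues.append("inner content type is not data")
    if len(inner) > 1:
        issues.append("content is embedded, so the signature is not detached")
    return digests, issues

# Constructed sample: SignedData, version 1, SHA1, detached content, empty signer set.
SAMPLE = bytes.fromhex("302c06092a864886f70d010702a01f301d0201013109300706052b0e03021a"
                       "300b06092a864886f70d0107013100")
```

MD5 and SHA-1 both have published collision attacks, so recording the digest names returned for each message shows how much traffic still depends on them.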