Skip to main content

XAIT signalling of privileged certificate SHA-1 hash

1 reply [Last post]
steve_wadsworth
Offline
Joined: 2010-07-14
Points: 0

We have a signed application that requires privileges for class loading.

If I understand correctly, in order to grant this we need one of the certificates to be privileged by having it's SHA-1 hash signalled in the XAIT. So we have 2 questions;

1) How do we extract the SHA-1 hash from the certificate (or do we generate a SHA-1 hash of the certificate)?

2) What do we put in the host.properties to signal the hash?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
greg80303
Offline
Joined: 2008-07-03
Points: 0

To generate the hash(es), simply compute the SHA-1 hash of 1 or more of the certificates in the chain used to sign your application that needs MonAppPermission. A single 20-byte (160-bit) SHA-1 hash for a single certificate. The spec allows you to provide multiple hashes in case there are multiple privileged apps signed by multiple authorities.

To put this information into a hostapp.properties file, see the following wiki:

https://community.cablelabs.com/wiki/display/OCORI/File-Based+Application+Signaling

Look for "Privileged Certificates"

G