Certificate and signature management is a support function for dealing with certificates and signature methods needed for signing a Descriptor and validating digital signatures.

An overview of the tasks for certificate and signature management follows:

  • Accessing certificates either on a file system or in a certificate store;
  • Secure handling of authentication factor(s), e.g., the password that may be needed for accessing a private key associated with a certificate;
  • Creating digital signatures according to the Open Packaging Conventions standard;
  • Validating a Descriptor digital signature by checking the validity of all involved certificates as defined in 7.8.2 and checking the signature hash against the hash of the content;
  • Ability to create a self-signed certificate that can be used if no CA-signed certificate is available;
  • Warning the user of signature errors (invalid certificates, non-matching signatures);
  • Reporting of the scope of each digital signature of a Descriptor (which files are signed with a signature).
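
The content-hash check and the scope report from the list above can be sketched as follows. This is an added example, not text or code from the specification. It assumes an Open Packaging Conventions style XML-DSig signature part whose Manifest references carry no transforms; the part names and the sample package are constructed. It does not verify certificates or the SignatureValue, which the validation task also requires.

```python
import base64, hashlib, hmac, io, zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ALGS = {SHA256: "sha256", "http://www.w3.org/2001/04/xmlenc#sha512": "sha512"}
SIG_PART = "signatures/sig1.xml"  # constructed name, not taken from the specification

def signature_scope(package, sig_part=SIG_PART):
    """Return ({part: status}, [parts the signature does not cover])."""
    with zipfile.ZipFile(package) as z:
        names = set(z.namelist()) - {sig_part}
        report = {}
        for ref in ET.fromstring(z.read(sig_part)).iter(DS + "Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("/"):
                continue  # same-document reference into the signature itself
            part = uri.split("?", 1)[0].lstrip("/")
            method = ref.find(DS + "DigestMethod")
            alg = ALGS.get(method.get("Algorithm")) if method is not None else None
            if part not in names:
                report[part] = "missing"
            elif alg is None or ref.find(DS + "Transforms") is not None:
                report[part] = "unsupported"  # never report an unchecked part as valid
            else:
                want = base64.b64decode(ref.findtext(DS + "DigestValue", ""))
                got = hashlib.new(alg, z.read(part)).digest()
                report[part] = "ok" if hmac.compare_digest(want, got) else "digest mismatch"
        return report, sorted(names - set(report))

def build_sample():
    """Constructed package: one part intact, one altered after signing, one unsigned."""
    parts = {"descriptor/a.xml": b"<a/>", "descriptor/b.bin": b"\x00\x01"}
    refs = "".join(
        f'<Reference URI="/{n}?ContentType=application/octet-stream">'
        f'<DigestMethod Algorithm="{SHA256}"/><DigestValue>'
        f'{base64.b64encode(hashlib.sha256(d).digest()).decode()}</DigestValue></Reference>'
        for n, d in parts.items())
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><Object><Manifest>'
           + refs + '</Manifest></Object></Signature>')
    parts["descriptor/b.bin"] = b"\x00\x02"      # altered after the digest was taken
    parts["extra/readme.txt"] = b"not covered"   # never referenced by the signature
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in {**parts, SIG_PART: sig.encode()}.items():
            z.writestr(n, d)
    buf.seek(0)
    return buf
```

The returned list of uncovered parts is what a scope report would show the user alongside any mismatch warnings.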