Example Digital Signature (Informative) – OPC Unified Architecture

Annex I Example Digital Signature (Informative)

I.1 Example of Digital Signature with a separate certificate

<?xml version=“1.0” encoding=“utf-8” standalone=“yes”?>
<Signature Id=“SignatureIdValue” xmlns=“http://www.w3.org/2000/09/xmldsig#”>
    <SignedInfo>
        <CanonicalizationMethod Algorithm=“http://www.w3.org/2006/12/xml-c14n11”/>
        <SignatureMethod Algorithm=“http://www.w3.org/2001/04/xmldsig-more#rsa-
	  sha256”/>
        <Reference URI=“#idPackageObject” Type=“http://www.w3.org/2000/09/xmldsig#Object”>
            <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
            <DigestValue>…</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>…</SignatureValue>
    <Object Id=“idPackageObject”>
        <Manifest xmlns:opc=“http://schemas.openxmlformats.org/package/2006/digital-
	  signature”>
            <Reference URI=“/CAEX_ClassModel_V.3.0.xsd?ContentType=text/xml”>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI=“/MyDescriptor2.aml?ContentType= application/automationml-aml+xml”>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI=“/_rels/.rels?ContentType=application/vnd.openxmlformats-
	      package.relationships+xml”>
                <Transforms>
                    <Transform Algorithm=“http://www.w3.org/2006/12/xml-c14n11”/>
                </Transforms>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
        </Manifest>
        <SignatureProperties>
            <SignatureProperty Id=“idSignatureTime” Target=“#SignatureIdValue”>
                <SignatureTime xmlns=“http://schemas.openxmlformats.org/package/2006/digital-signature”>
                    <Format>YYYY-MM-DDThh:mm:ss.sTZD</Format>
                    <Value>2022-02-10T14:40:52.5+01:00</Value>
                </SignatureTime>
            </SignatureProperty>
        </SignatureProperties>
    </Object>
</Signature>

I.2 Example of Digital Signature with embedded certificate

<?xml version=“1.0” encoding=“utf-8” standalone=“yes”?>
<Signature Id=“SignatureIdValue” xmlns=“http://www.w3.org/2000/09/xmldsig#”>
    <SignedInfo>
        <CanonicalizationMethod Algorithm=“http://www.w3.org/2006/12/xml-c14n11”/>
        <SignatureMethod Algorithm=“http://www.w3.org/2001/04/xmldsig-more#rsa-
	sha256”/>
        <Reference URI=“#idPackageObject” Type=“http://www.w3.org/2000/09/xmldsig#Object”>
            <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
            <DigestValue>…</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>…</SignatureValue>
    <KeyInfo>        
        <X509Data>
            <X509Certificate>…</X509Certificate>
        </X509Data>
    </KeyInfo>
    <Object Id=“idPackageObject”>
        <Manifest xmlns:opc=“http://schemas.openxmlformats.org/package/2006/digital-
	  signature”>
            <Reference URI=“/CAEX_ClassModel_V.3.0.xsd?ContentType=text/xml”>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI=“/MyDescriptor2.aml?ContentType= application/automationml-aml+xml”>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI=“/_rels/.rels?ContentType=application/vnd.openxmlformats-
	      package.relationships+xml”>
                <Transforms>
                    <Transform Algorithm=“http://www.w3.org/2006/12/xml-c14n11”/>
                </Transforms>
                <DigestMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#sha256”/>
                <DigestValue>…</DigestValue>
            </Reference>
        </Manifest>
        <SignatureProperties>
            <SignatureProperty Id=“idSignatureTime” Target=“#SignatureIdValue”>
                <SignatureTime xmlns=“http://schemas.openxmlformats.org/package/2006/digital-signature”>
                    <Format>YYYY-MM-DDThh:mm:ss.sTZD</Format>
                    <Value>2022-02-10T14:36:33.4+01:00</Value>
                </SignatureTime>
            </SignatureProperty>
        </SignatureProperties>
    </Object>
</Signature>

I.3 Example of 2nd Digital Signature with embedded certificate


<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Signature Id="SignatureIdValue"
    xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11" />
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <Reference URI="#idPackageObject" Type="http://www.w3.org/2000/09/xmldsig#Object">
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <DigestValue>…</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>…</SignatureValue>
    <KeyInfo>
        <X509Data>
            <X509Certificate>…</X509Certificate>
        </X509Data>
    </KeyInfo>
    <Object Id="idPackageObject">
        <Manifest xmlns:opc="http://schemas.openxmlformats.org/package/2006/digital-signature">
            <Reference URI="/CAEX_ClassModel_V.3.0.xsd?ContentType=text/xml">
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI="/manifest.xml?ContentType=text/xml">
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI="/MyDescriptor.aml?ContentType=application/automationml-aml+xml">
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI="/package/services/digital-signature/origin.psdsor?ContentType=application/vnd.openxmlformats-package.digital-signature-origin">
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI="/package/services/digital-signature/xml-signature/761bce75914e4d8484fb8f83389b674f.psdsxs?ContentType=application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
            <Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>…</DigestValue>
            </Reference>
        </Manifest>
        <SignatureProperties>
            <SignatureProperty Id="idSignatureTime" Target="#SignatureIdValue">
                <SignatureTime xmlns="http://schemas.openxmlformats.org/package/2006/digital-signature">
                    <Format>YYYY-MM-DDThh:mm:ss.sTZD</Format>
                    <Value>2023-08-14T10:37:10.2+02:00</Value>
                </SignatureTime>
            </SignatureProperty>
        </SignatureProperties>
    </Object>
</Signature>