The StreamGuru MHEG-5 Signing Utility
Technical background
The Interaction Channel Extension for MHEG-5 mandates the use of hash-files and cryptographic signatures for executable MHEG-5 content and other material being loaded over HTTP/HTTPS. This mechanism involved a number of files with fixed filenames. Some of them need to be included in the DSM-CC carousel of the broadcast. Some of them need to be hosted together with the referenced material.
File | Location | Contents |
auth.cert.1 | Carousel | X.509 certificate used to sign the auth.hash on the webserver |
auth.tls.1 | Carousel | X.509 certificate for TLS connections to the webserver (Warning: TLS features & parameters mandated in the latest MHEG specifications are considered unsecure today !) |
auth.server | Carousel | A text file describing which servers/domains the receiver is allowed to talk to in the context of the application. |
auth.hash | Webserver | A file containing hash values of other files stored on the webserver |
auth.sig.1 | Webserver | A file containing a cryptographically signed hash of the auth.hash file. |
The Utility
The GkWare MHEG-5 Signing utility allows you to create, unpack and manipulate most of these files.
Usage:
To unpack a certificate blob into individual files: MHEGSignTool.cpp unpackcertlist To pack multiple certificates into a blob: MHEGSignTool.cpp packcertlist [input file 2] [...] To verify hashes inside an auth.hash file: MHEGSignTool.cpp verifyauthhash To build an auth.hash file: MHEGSignTool.cpp buildauthhash [input file 2] [...] To verify an auth.sig.x file: MHEGSignTool.cpp verifyauthsig To build an auth.sig.x file: MHEGSignTool.cpp buildauthsig
Price: 500€ (+ 19% German VAT) - License controlled via USB Dongle
This is a commandline executable (= no graphical UI) available for Windows and Linux operating systems.