The StreamGuru MHEG-5 Signing Utility

Technical background

The Interaction Channel Extension for MHEG-5 mandates the use of hash-files and cryptographic signatures for executable MHEG-5 content and other material being loaded over HTTP/HTTPS. This mechanism involved a number of files with fixed filenames. Some of them need to be included in the DSM-CC carousel of the broadcast. Some of them need to be hosted together with the referenced material.

 

File	Location	Contents
auth.cert.1	Carousel	X.509 certificate used to sign the auth.hash on the webserver
auth.tls.1	Carousel	X.509 certificate for TLS connections to the webserver (Warning: TLS features & parameters mandated in the latest MHEG specifications are considered unsecure today !)
auth.server	Carousel	A text file describing which servers/domains the receiver is allowed to talk to in the context of the application.
auth.hash	Webserver	A file containing hash values of other files stored on the webserver
auth.sig.1	Webserver	A file containing a cryptographically signed hash of the auth.hash file.

The Utility

The GkWare MHEG-5 Signing utility allows you to create, unpack and manipulate most of these files. 

Usage:

       To unpack a certificate blob into individual files:
           MHEGSignTool.cpp unpackcertlist 
       To pack multiple certificates into a blob:
           MHEGSignTool.cpp packcertlist   [input file 2] [...]
       To verify hashes inside an auth.hash file:
           MHEGSignTool.cpp verifyauthhash 
       To build an auth.hash file:
           MHEGSignTool.cpp buildauthhash   [input file 2] [...]
       To verify an auth.sig.x file:
           MHEGSignTool.cpp verifyauthsig   
       To build an auth.sig.x file:
           MHEGSignTool.cpp buildauthsig    

 

Price: 500€ (+ 19% German VAT) - License controlled via USB Dongle
This is a commandline executable (= no graphical UI) available for Windows and Linux operating systems.