CreateSignature method (ILEADDicomDS Interface)


Syntax

short CreateSignature(BSTR bstrPrivateKeyFile, BSTR bstrCertificateFile, BSTR bstrPassword, BSTR bstrMacTransferSyntax, DicomMacAlgorithm MacAlgorithm, VARIANT_BOOL bElementsToSign, DicomSecurityProfile SecurityProfile, short nReserved);

Overview

Refer to Working with Digital Signatures.

Remarks

The CreateSignature method creates a Digital Signature in the Data Set. Before calling the method, the CurrentElement property must be updated either with 0 or with an Item of a Sequence of Items in the Data Set. If the property is updated with 0, the Digital Signature will be created in the main Data Set. If the property is updated with an Item, the Digital Signature will be created in the specified Item. In case of success, the CurrentElement property will be updated with the new Digital Signatures Sequence Item that corresponds to the newly created Digital Signature.

The bstrMacTransferSyntax parameter specifies the Transfer Syntax in which the Data Elements included in the Message Authentication Code (MAC) calculation should be encoded. This Transfer Syntax must explicitly include the Value Representation (Explicit VR) and it must use the Little Endian Byte ordering. If the specified Transfer Syntax doesn’t fulfill this condition, the method will behave as if the parameter were set to NULL or to an empty string.

If bstrMacTransferSyntax is set to NULL or to an empty string, the method will use the Transfer Syntax in which the Data Set is currently encoded if this Transfer Syntax fulfills the condition mentioned in the previous paragraph. If it doesn’t, the method will use the Explicit VR Little Endian Transfer Syntax.

With the parameter bElementsToSign set to VARIANT_TRUE, you can use the LongValues property and the LongValueCount property to specify the Data Elements to be covered by the new Digital Signature. These Data Elements, which are indicated by their Tags, must be on the root of the Data Set if the Digital Signature is being created in the main Data Set. If the Digital Signature is being created in an Item, then they must be located immediately under that Item. Any Tag that doesn’t specify an existing Data Element in the expected location will be ignored. Any Tag that specifies a Data Element that cannot be signed according to the standard will also be ignored.

If bElementsToSign is set to VARIANT_FALSE, or if it is set to VARIANT_TRUE while the LongValueCount property is 0, the method will sign all the Data Elements that can be signed according to the standard and that exist on the root of the Data Set, if the CurrentElement property is set to 0, or immediately under the Item specified by the CurrentElement property.

Digital Signature Security Profiles impose restrictions and add specifications. For example, the RSA Security Profiles require the use of RSA encryption. Therefore, the method will fail if one of these Security Profiles is used while the specified keys are DSA keys. As another example, the Creator and Authorization RSA Digital Signature Profiles require that, as a minimum, certain Data Elements must be signed if they exist. Therefore, if one of these Security Profiles is used, the method will sign any existing Data Element that is required, even if this Data Element is not included in the array specified by the LongValues property (when bElementsToSign is set to VARIANT_TRUE).
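The selection rules in the three paragraphs above decide which Data Elements a signature actually covers. The following C++ is an added example that models those rules; it is not LEADTOOLS code and calls no toolkit API. Assumptions: the names Element, canBeSigned, signedTags and sampleLevel are hypothetical, "cannot be signed according to the standard" is taken to mean the exclusion list in the DICOM standard's Data Elements Signed rules, and the profile-required tags are supplied by the caller.

```cpp
// Added illustration: a model of the documented selection rules, not LEADTOOLS code.
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

struct Element { uint32_t tag; bool vrIsUN; };   // tag encoded as 0xGGGGEEEE

// Exclusions from the DICOM "Data Elements Signed" rules (nested-UN check omitted).
bool canBeSigned(const Element& e) {
    uint32_t group = e.tag >> 16, elem = e.tag & 0xFFFFu;
    if (elem == 0x0000u || group < 0x0008u) return false;  // group lengths, low groups
    if (e.tag == 0x00080001u) return false;                // Length to End
    if (group == 0xFFFAu) return false;                    // Digital Signatures Sequence
    if (e.tag == 0x4FFE0001u) return false;                // MAC Parameters Sequence
    if (e.tag == 0xFFFCFFFCu) return false;                // Data Set Trailing Padding
    if (e.tag == 0xFFFEE00Du) return false;                // Item Delimitation Item
    return !e.vrIsUN;                                      // VR UN is never signed
}

// level: elements on the root (CurrentElement = 0) or immediately under the Item.
// useList / requested: bElementsToSign and the LongValues array.
// profileRequired: tags the Security Profile forces in (assumed, caller-supplied).
std::set<uint32_t> signedTags(const std::vector<Element>& level, bool useList,
                              const std::vector<uint32_t>& requested,
                              const std::set<uint32_t>& profileRequired) {
    std::set<uint32_t> want(requested.begin(), requested.end()), out;
    bool signAll = !useList || requested.empty();   // VARIANT_FALSE or empty list
    for (const Element& e : level)
        if (canBeSigned(e) &&
            (signAll || want.count(e.tag) || profileRequired.count(e.tag)))
            out.insert(e.tag);
    return out;
}

// Constructed sample level: SOP Instance UID, a group length, Patient's Name,
// a private element stored with VR UN, and Pixel Data.
std::vector<Element> sampleLevel() {
    return {{0x00080018u, false}, {0x00100000u, false}, {0x00100010u, false},
            {0x00291010u, true}, {0x7FE00010u, false}};
}

int main() {
    // Request Patient's Name, the UN element, and a tag that is not present.
    auto covered = signedTags(sampleLevel(), true,
                              {0x00100010u, 0x00291010u, 0x00200010u}, {0x00080018u});
    for (uint32_t t : covered)
        std::printf("(%04X,%04X)\n", (unsigned)(t >> 16), (unsigned)(t & 0xFFFFu));
    return 0;
}
```

Comparing the requested tags with the returned set shows which requests would be silently ignored, so the covered set should be checked rather than assumed.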

See Also

Elements:

VerifySignature method, DeleteSignature method, GetSignatureUID method, GetSignatureDateTime method, MoveSignedElement method, GetMacTransferSyntax method, MoveSignature method, CurrentElement property, LongValues property, LongValueCount property

Topics:

Data Sets: Digital Signatures