The Signature Activation Data (SAD) is a data structure that contains the following components:
- the Identity Token of the user
- the KeyID of the key to be used for the server signature
- the hash value to be used for signatures
- the hash algorithm used for signature generation
The SAD has the following simplified structure: {SignerAuthenticationData, KeyID, DTBS/R, Algorithm}. The more detailed ASN.1 definition of the SAD data structure is given below.
-- SAD
SADTBS ::= SEQUENCE {
    identityToken  SignedIdentityToken,
    keyid          DirectoryString,
    hashAlgorithm  AlgorithmIdentifier,
    tbsHashValues  SEQUENCE OF OCTET STRING
}

SAD ::= SEQUENCE {
    tbs        SADTBS,
    signature  OCTET STRING
}
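
As an added illustration (not code from the original page or from the product it describes), the following reads an encoded SAD laid out as in the ASN.1 above and checks that it names the requested key and lists the SHA-256 hash of the data to be signed, failing closed on malformed input. It assumes keyid is encoded as a UTF8String, treats identityToken as opaque, and does not verify the signature field, since the page specifies none of these; `build_sample_sad` and all function names are hypothetical, and the sample token and signature are constructed placeholders.

```python
import hashlib
SHA256_OID = bytes.fromhex("608648016503040201")  # content bytes of OID 2.16.840.1.101.3.4.2.1

def tlv(tag, body):  # encode one TLV with a definite length
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read_tlvs(buf):
    """Split definite-length TLV content into (tag, value) pairs; raise if malformed."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i] & 0x1F == 0x1F or buf[i + 1] == 0x80:
            raise ValueError("truncated header, multi-byte tag or indefinite length")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n > 0x80:  # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("length runs past end of buffer")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def parse_sad(der):
    """Return (keyid, hash_oid, hash_values) from an encoded SAD; signature not verified."""
    ((t0, top),) = read_tlvs(der)
    (t1, tbs), (t2, _sig) = read_tlvs(top)
    _token, (t3, kid), (t4, alg), (t5, hv) = read_tlvs(tbs)
    (t6, oid), *_params = read_tlvs(alg)
    hashes = read_tlvs(hv)
    if ([t0, t1, t2, t3, t4, t5, t6] != [0x30, 0x30, 0x04, 0x0C, 0x30, 0x30, 0x06]
            or any(t != 0x04 for t, _ in hashes)):
        raise ValueError("unexpected SAD layout")
    return kid.decode("utf-8"), oid, [v for _, v in hashes]

def sad_authorizes(der, key_id, data):
    """True only if the SAD names key_id and lists the SHA-256 hash of data."""
    try:
        kid, oid, hashes = parse_sad(der)
    except ValueError:  # malformed input fails closed
        return False
    return kid == key_id and oid == SHA256_OID and hashlib.sha256(data).digest() in hashes

def build_sample_sad(key_id, docs):  # constructed sample: placeholder token and signature
    token = tlv(0x30, tlv(0x04, b"constructed-identity-token"))
    alg = tlv(0x30, tlv(0x06, SHA256_OID) + tlv(0x05, b""))
    hv = tlv(0x30, b"".join(tlv(0x04, hashlib.sha256(d).digest()) for d in docs))
    tbs = tlv(0x30, token + tlv(0x0C, key_id.encode()) + alg + hv)
    return tlv(0x30, tbs + tlv(0x04, b"constructed-signature"))
```

A caller would run `sad_authorizes` in addition to verifying the SAD signature and the identity token, which this example leaves out.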