Songuard Digital Signature

1. Description of Terms

Term	Description
Digital Signature	A digital signature is a mathematical scheme for presenting the authenticity of digital messages or documents.
Digest/Hash	It is a mathematical algorithm that maps data of an arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, a function which is impossible to invert. Digest/Hash has the following properties: It is deterministic so the same message always results in the same hash. It is quick to compute the hash value for any given message. It is impossible to generate a message from its hash. A small change to a message will change the hash value, and the new hash value will not correlate with the old hash value. It is impossible to find two different messages with the same hash value.
Private Key	Key (large random number) which is known to the owner, in this case Songuard. This key resides on the server and is used to create a digital signature. This key will not be shared with anyone.
Public Key	Key (large random number) which is generated by Songuard and shared with the user to verify the digital signature.

2. Digital Signature

2.1. Songuard Flow

2.2 Digital Signature file

The “responseDocument.xml” file in the zip file attached to the submission response email contains the integrity information of the submission. The image below describes each tag value (<…> and </…> are called the start and end tags respectively and the text between the start and end tag is called the value).