RSA Entity Authentication

Wesley Miaw edited this page Jun 11, 2014 · 1 revision

The RSA entity authentication scheme provides authentication only, using an RSA key pair. The public key is shared out-of-band or over an authenticated channel and is identified by a public key ID.

This authentication scheme is suitable for use by trusted services servers where the public key is provided to the client out-of-band. Encryption of application data is possible once the client has been issued a master token.

This scheme is identified by the string RSA.

Authentication Data Representation

authdata = {
  "#mandatory" : [ "identity", "pubkeyid" ],
  "identity" : "string",
  "pubkeyid" : "string"
}

Authentication

The RSA signature is computed using SHA256withRSA and included as raw bytes within a version 1 MSL signature envelope.
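The receiving side of this scheme, as an added example that is not part of the MSL code base: it checks the mandatory authdata fields, resolves `pubkeyid` against keys provisioned out-of-band, and verifies the SHA256withRSA signature (RSASSA-PKCS1-v1_5 over SHA-256). The names `trustedKeys`, `parseAuthData`, `authenticate` and the key ID `server-key-1` are hypothetical, and the raw signature bytes are assumed to have already been taken out of the MSL signature envelope.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for the trusted server's RSA key. In a real
// deployment only the public half reaches the verifier, out-of-band.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical trust store: public key ID -> public key.
const trustedKeys = new Map([['server-key-1', publicKey]]);

const MANDATORY = ['identity', 'pubkeyid'];

// Parse authdata and enforce the "#mandatory" fields, each of type string.
function parseAuthData(json) {
  const authdata = JSON.parse(json);
  if (authdata === null || typeof authdata !== 'object') {
    throw new Error('authdata is not a JSON object');
  }
  for (const field of MANDATORY) {
    if (typeof authdata[field] !== 'string') {
      throw new Error(`authdata missing mandatory string field: ${field}`);
    }
  }
  return authdata;
}

// Returns the authenticated identity or throws. `signature` holds the raw
// SHA256withRSA bytes; Node's default RSA signature padding is PKCS#1 v1.5.
function authenticate(authdataJson, signedBytes, signature, keys = trustedKeys) {
  const authdata = parseAuthData(authdataJson);
  const key = keys.get(authdata.pubkeyid);
  if (!key) {
    // Never fall back to a key supplied by the peer: trust comes from the store.
    throw new Error(`unknown pubkeyid: ${authdata.pubkeyid}`);
  }
  if (!crypto.verify('sha256', signedBytes, key, signature)) {
    throw new Error('signature verification failed');
  }
  return authdata.identity;
}

// Constructed sample input, signed the way the sending entity would.
const sampleAuth = JSON.stringify({ identity: 'trusted-server', pubkeyid: 'server-key-1' });
const sampleData = Buffer.from('constructed message bytes');
const sampleSig = crypto.sign('sha256', sampleData, privateKey);
```
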