PNG Chunk Registration Request for Digital Signature Support

Dear Sirs,

 

Due to increasing requirements for using digital signatures to securely exchange, publish and/or archive data of various formats, there are also emerging requests for individual formats in supporting digital signatures.

 

Although a widely adopted generic container format standard already exists for digital signatures, i.e. CMS (cf. www.ietf.org/rfc/rfc3852.txt), format-specific support is also desirable for providing enveloped signatures, which opt in favor of attaching a signature as hidden background information so that ordinary processing tools are not impacted by an attached signature. At the same time the data instance (file, document, image) could be verified with respect to an attached signature if present.

 

Currently, concrete requirements exist for digital signature support concerning PNG format. These requirements comprise use cases like publishing signed PNGs on websites, archiving scanned (hand-written) documents, and various other purposes.

 

Unfortunately, the PNG standard does currently not address digital signatures. Enclosed please find a registration request for a new optional PNG chunk type in order to support enveloped digital PNG signatures (and also message authentication codes) in a generic manner. This proposal uses the CMS standard as a sub-format in order to cover any possible technical requirements, while providing compatibility with future extensions and existing processing tools (editors and viewers).

 

The attached proposal has been drafted by Dialogika GmbH (www.dialogika.de) in its capacity as a service provider to LuxTrust S.A. (www.luxtrust.lu). 

 

 

LuxTrust S.A.

Based in Luxembourg, LuxTrust S.A. has been created in November 2005 by the Luxembourg Government and several important companies from the public and private sector in the Grand-Duchy of Luxembourg in order to face the increasing need for security and confidentiality in the electronic commerce and in the Internet-based relationships between citizens, administrations and companies.

LuxTrust S.A. is a certification authority delivering electronic certificates for people authentication and secure electronic signatures in Internet- and Intranet-transactions. As a trusted third party, LuxTrust furthermore guarantees highly secured electronic certification services.

For more information about LuxTrust please visit www.luxtrust.lu <http://www.luxtrust.lu/> , section « Qui sommes nous? <https://www.luxtrust.lu/index.php?id=5>  ».

 

 

DIaLOGIKa GmbH

is a German systems and software house founded in 1982 and conducts projects on behalf of industry, finance, and governmental and supranational clients such as the institutions of the European Union (EU). 

DIaLOGIKa has contributed to the open source community by actively participating in the development of the W3C's http reference server. DIaLOGIKa has adopted Java since its very beginning for creating software and solutions, in addition to actively promoting the further development of Java by joining the JCP (Java Community Process) in 2001.

From the beginning DIaLOGIKa has focused on technically demanding projects in the field of multilingual text and data processing, security solutions, PKI consulting, specification and implementation. 

 

The author of the specification proposal ‑ a senior architect of DIaLOGIKa ‑ has long-term experience with internet standards in various fields, especially in the PKI sector. He also contributes to the open source community, e.g. by adding TLS support to the W3C Jigsaw http server.

 

 

Please don’t hesitate to contact us by email, phone or otherwise if you have any questions concerning our attached proposal.

 

 

Sincerely,

 

Thomas Kopp

 

Senior Architect, Project Leader

ph: +49 6897 935 124 

fax: +49 6897 935 424

www.dialogika.de

 

Dialogika GmbH

Pascalschacht 1

D-66125 Saarbrücken

HRB 7347