Managing Data Archiving

SigningHub provides data archiving of files while assuring the security of these files. To achieve data security with archived files, SigningHub uses Associated Signature Container (ASiC). ASiC is a standard approach that makes sure that nothing is changed/altered in the archived files. The archived folder will be a zip file with a .asice extension. SigningHub uses the Associated Signature Container - Extended (ASiC-E) format that specifies the use of container structures to bind together one or more signed files.

Data Archiving

SigningHub sends a zip file to the location provided within "Archived File Path>Data Settings" after the user "Archive an Account". The zip file contains the data that is required to be backed up by the user.

The zip file contains the following data:

  • User Profile

  • User Document Packages owned by the archived account

  • User Document packages Evidence Report

  • User Document Packages Logs

Archived File Structure

The archived file will be with .asic extension and it will be in zip format. As the zip file is extracted, the following files and folders will appear:

  • Files

    • Packages

    • Profile

    • Mapping File

    • Error File (in case document does not exist or it is corrupted)

  • META-INF

  • mimetype

  • Signer Certificate

  1. The internal structure of ASiC-E includes two folders: the root folder and the META-INF folder. A root folder stores all the container’s content.

    • META-INF folder resides in the root folder and contains files that hold metadata about the content, including its associated signature.

    • mimetype file is placed within the root folder that identifies file formats, and it is the first entry in the zip file.

    • The “Files” folder will contain all the user data that is archived. It will contain packages (all user-owned documents), a profile (csv file of user information) and a mapping file.

Verification of Archived Data

To achieve data security with archived files, SigningHub uses an ASiC-E container. Administrators can use a verification utility to verify the ASiC-E Signature Container.

  • An ASiC-E signature container verification utility will be used to verify the signature. it will require a public certificate to verify the signature

  • It performs the following operations to validate the ASiC-E container.

    • Verify the signature (p7) file structure and validate the signing certificate from the signer info of the signature file.

    • Validate that the first entry must be a mimetype file in an ASiC-E container.

    • Validate the Manifest file structure and read the file META-INF/manifest.xml to get details of each file in the container.

    • Extract signature entry from the manifest file and all ASiC-E container entries.

    • Validate all entries of the ASiC-E container by comparing the following properties:

      • File Name

      • File placement path at the time of creating the ASiC-E container.

      • File digest

If any file has been modified, then it will be identified while comparing the digest of the file with the one stored in the manifest file.

  1. The verification utility can be provided on demand from the support centre.

PreviousManaging SigningHub LanguagesNextManaging Custom Appearance

Last updated