2.4 SignedSecureElement Object
The SignedSecureElement object is a JWS (RFC 7515) object using the Flattened JSON Serialization Syntax (section 7.2.2).
{
"payload": BASE64URL(UTF8(SecureElement)),
"protected": BASE64URL(UTF8(SignedSecureElementProtectedHeader)),
"header": {
"uniqueId": "0123f1822c38dd7a01"
},
"signature": BASE64URL(JWS Signature)
}RFC 7515 section 7.2.1 outlines the encoding and contents of
the JWS members used in this object. Below are brief summaries and additional details
about these members and the specific features being used.
| payload | An encoded SecureElement object, which is the primary content being signed. All information about the secure sub-system device is contained here. |
| protected | An encoded SignedSecureElementProtectedHeader object, which describes how to verify the signature. |
| header | The JWS unprotected header. This object contains the unique ID member repeated from the SecureElement object in the payload. The unprotected header is not part of the signed data in the JWS; therefore, it does not need to be encoded and is included to facilitate plain-text searches of the manifest without needing to decode the payload. |
| signature | The encoded JWS signature of the payload and protected members. |