SignedSecureElement Object

The SignedSecureElement object is a JWS (RFC 7515) object using the Flattened JSON Serialization Syntax (section 7.2.2).

{
  "payload": BASE64URL(UTF8(SecureElement)),
  "protected": BASE64URL(UTF8(SignedSecureElementProtectedHeader)),
  "header": {
    "uniqueId": "0123f1822c38dd7a01"
  },
  "signature": BASE64URL(JWS Signature)
}

RFC 7515 section 7.2.1 provides definitions for the encoding and contents of the JWS members being used in this object. Below are some quick summaries and additional details about these members and the specific features being used.

payload
An encoded SecureElement object, which is the primary content being signed. All information about the secure element is contained here.
protected
An encoded SignedSecureElementProtectedHeader object, which describes how to verify the signature.
header
JWS unprotected header. This object contains the unique ID member repeated from the SecureElement object in the payload. The unprotected header is not part of the signed data in the JWS; therefore, it does not need to be encoded and is included to facilitate plain-text searches of the manifest without needing to decode the payload.
signature
The encoded JWS signature of the payload and protected members.