Introduction to DigSigs
DigSigs are open, industry standard ISO/IEC 20248 compliant tokens for securely communicating the authenticity and integrity of claims between two parties. DigSigs are designed to be native to the domain of barcodes and RFID.
What is a DigSig?
A DigSig is a binary data string which consists out of an encoded data structure AND a digital signature which is used in the verification process. For a binary string to be recognized as a DigSig it should adhere to the international standard ISO/IEC 20248.
Any user who encounters a DigSig out in the wild can decode the content of a DigSig and then also verify the integrity and the authenticity of the contents by following the rules defined in the standard. Such a verifier would then be
the content of the data was created by a known issuer;
the sender cannot deny having issued the data; and
the content of the data was not altered in transit (integrity).
DigSigs have been specifically designed for the domains of barcodes and RFID but it can also be used in many other domains where small data carriers are used and the authenticity and integrity of the data
DigSigs come in two flavors, also known as envelope types. These are “
Use URI envelopes when you are not very constrained in terms of space, and you want to allow members of the public to still be able to scan and verify your DigSigs using a generic 2D barcode scanner. Even though the DigSig will be verified using an online check it makes verification possible to a wider audience.
RAW envelopes should be used in scenarios where you are constrained in terms of space and where you would expect a DigSig aware scanner to be reading your medium. This includes smaller barcodes and RFID solutions.