Signing the response from MAS

If the MAS system would like to sign the response sent back to the ‘MAS-to-Mosip’ queue, how can this be done? Are there provisions for this, or should any such signature be managed outside of the response packet?

The signature is around the comments & approval/rejection of the manual deduplication.

If supported, I would like to know what the packet will look like.

The example illustrated does not seem to indicate any signature support.

Hi @srinathv, the MAS system is designed to run inside the same country's private network, just like the ABIS system. It has to follow the same API spec published by MOSIP to communicate, and additional signing is not supported. Kindly let me know if you have any further doubts.

Hi @srinathv

Thank you for your inquiry regarding the signature response in the ‘MAS-to-MOSIP’ communication. We appreciate your interest in enhancing the security measures for data exchange.

Currently, the MOSIP system does not provide an in-built feature for generating signature responses. In cases where a signature response is required, we recommend managing the signature process outside of the response packet. The MAS system can implement its own digital signature mechanism and include the signature in the response data before sending it back to the ‘MAS-to-MOSIP’ queue.

To ensure the authenticity and integrity of the response, the signature can be generated using the private key of the MAS system and verified at the receiving end, which is MOSIP, using the corresponding public key.

If you have any further questions or require additional information, please do not hesitate to contact us; one of our team members, @Monobikash, will guide you.

Best Regards,

Got the perspective! Thanks @Monobikash & @sanchi-singh24

For any digital signing from MAS, this should be outside the ‘MAS-to-Mosip’ queue and the payload to the queue itself shouldn’t be signed.

Yes, it’s good to maintain the signature in the manual adjudication audit records for future verification, or you can invoke the audit API of MOSIP and publish the details there.

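Added example, not part of the thread and not MOSIP or MAS code: a sketch of the approach the replies settle on, where the queue payload stays unsigned and MAS keeps a detached signature over the adjudication decision in its own audit record. The field names, the key id and the choice of Ed25519 are assumptions made for illustration; the real payload follows the API spec published by MOSIP.

```javascript
// Added example: detached signature over a MAS adjudication decision.
// Field names, key id and algorithm are constructed, not taken from the MOSIP spec.
const nodeCrypto = require('node:crypto');

// Deterministic serialisation: keys are sorted recursively so signer and
// verifier sign/verify identical bytes regardless of property order.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// MAS side: sign the decision and build the record kept in the audit store.
function signDecision(decision, privateKey, keyId) {
  const bytes = Buffer.from(canonicalize(decision), 'utf8');
  return {
    requestId: decision.requestId,
    keyId,
    algorithm: 'Ed25519',
    digestSha256: nodeCrypto.createHash('sha256').update(bytes).digest('hex'),
    signature: nodeCrypto.sign(null, bytes, privateKey).toString('base64'),
  };
}

// Auditor side: recompute the canonical bytes and verify with the MAS public key.
function verifyDecision(decision, record, publicKey) {
  if (record.algorithm !== 'Ed25519') return false;
  if (record.requestId !== decision.requestId) return false;
  const bytes = Buffer.from(canonicalize(decision), 'utf8');
  return nodeCrypto.verify(null, bytes, publicKey, Buffer.from(record.signature, 'base64'));
}

// Constructed sample: a throwaway key pair and a made-up decision.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const decision = {
  requestId: 'req-0001',
  decision: 'REJECTED',
  comments: 'Duplicate of candidate 2',
  operator: 'adjudicator-07',
};
const auditRecord = signDecision(decision, privateKey, 'mas-signing-key-1');
const queuePayload = JSON.stringify(decision); // goes to the queue unsigned
```

In a deployment the private key would live in the MAS system's key store rather than being generated in process, and the audit record would be written to durable storage alongside the adjudication entry.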