Tag | (0400,0404) |
---|---|
Type | Required (1) |
Keyword | MAC |
Value Multiplicity | 1 |
Value Representation | Other Byte String (OB) |
The MAC generated as described in Section C.12.1.1.3, but unencrypted and without inclusion of fields from the Digital Signatures Sequence. See Section C.12.1.1.3.1.2.
This Macro allows Digital Signatures to be included in a DICOM Data Set for the purpose of insuring the integrity of the Data Set, and to authenticate the sources of the Data Set. Table C.12-6 defines the Attributes needed to embed a Digital Signature in a Data Set. This Macro may appear in individual Sequence Items as well as in the top level Data Set of the SOP Instance.
Each Item of a Sequence of Items is a Data Set. Thus, individual Sequence Items may incorporate their own Digital Signatures in addition to any Digital Signatures added to the Data Set in which the Sequence appears.
The inclusion of this Macro in Sequence Items, other than as specified in this Part of the Standard, may be specified in an application-defined Standard Extended SOP Class or Private SOP Class (see PS3.2).
Table C.12-6. Digital Signatures Macro Attributes
Attribute Name |
Tag |
Type |
Attribute Description |
---|---|---|---|
MAC Parameters Sequence |
(4FFE,0001) |
3 |
A Sequence of Items that describe the parameters used to calculate a MAC for use in Digital Signatures. One or more Items shall be included in this Sequence. |
>MAC ID Number |
(0400,0005) |
1 |
A number, unique within this SOP Instance, used to identify this MAC Parameters Sequence (4FFE,0001) Item from an Item of the Digital Signatures Sequence (FFFA,FFFA). |
>MAC Calculation Transfer Syntax UID |
(0400,0010) |
1 |
The Transfer Syntax UID used to encode the values of the Data Elements included in the MAC calculation. Only Transfer Syntaxes that explicitly include the VR and use Little Endian encoding shall be used. NoteCertain Transfer Syntaxes, particularly those that are used with compressed data, allow the fragmentation of the pixel data to change. If such fragmentation changes, Digital Signatures generated with such Transfer Syntaxes could become invalid. |
>MAC Algorithm |
(0400,0015) |
1 |
The algorithm used in generating the MAC to be encrypted to form the Digital Signature. For Defined Terms, see Table C.12.1.1.3.1.2-1, “Defined Terms for MAC Algorithm (0400,0015)”. |
>Data Elements Signed |
(0400,0020) |
1 |
A list of Data Element Tags in the order they appear in the Data Set that identify the Data Elements used in creating the MAC for the Digital Signature. See Section C.12.1.1.3.1.1. |
Digital Signatures Sequence |
(FFFA,FFFA) |
3 |
Sequence holding Digital Signatures. One or more Items are permitted in this Sequence. |
>MAC ID Number |
(0400,0005) |
1 |
A number used to identify which MAC Parameters Sequence Item was used in the calculation of this Digital Signature. |
>Digital Signature UID |
(0400,0100) |
1 |
A UID that can be used to uniquely reference this signature. |
>Digital Signature DateTime |
(0400,0105) |
1 |
The date and time the Digital Signature was created. The time shall include an offset (i.e., time zone indication) from Coordinated Universal Time. NoteThis is not a certified timestamp, and hence is not completely verifiable. An application can compare this date and time with those of other signatures and the validity date of the certificate to gain confidence in the veracity of this date and time. |
>Certificate Type |
(0400,0110) |
1 |
The type of certificate used in (0400,0115). Defined Terms:
NoteDigital Signature Security Profiles (see PS3.15) may require the use of a restricted subset of these terms. |
>Certificate of Signer |
(0400,0115) |
1 |
A certificate that holds the identity of the entity producing this Digital Signature, that entity's public key or key identifier, and the algorithm and associated parameters with which that public key is to be used. Algorithms allowed are specified in Digital Signature Security Profiles (see PS3.15). Note
|
>Signature |
(0400,0120) |
1 |
The MAC generated as described in Section C.12.1.1.3.1.1 and encrypted using the algorithm, parameters, and private key associated with the Certificate of the Signer (0400,0115). See Section C.12.1.1.3.1.2. |
>Certified Timestamp Type |
(0400,0305) |
1C |
The type of certified timestamp used in Certified Timestamp (0400,0310). Required if Certified Timestamp (0400,0310) is present. Defined Terms:
NoteDigital Signature Security Profiles (see PS3.15) may require the use of a restricted subset of these terms. |
>Certified Timestamp |
(0400,0310) |
3 |
A certified timestamp of the Digital Signature (0400,0120) Attribute Value, which shall be obtained when the Digital Signature is created. See Section C.12.1.1.3.1.3. |
>Digital Signature Purpose Code Sequence |
(0400,0401) |
3 |
The purpose of this Digital Signature. Only a single Item is permitted in this Sequence. |
The Data Elements Signed Attribute shall list the Tags of the Data Elements that are included in the MAC calculation. The Tags listed shall reference Data Elements at the same level as the Mac Parameters Sequence (4FFE,0001) Data Element in which the Data Elements Signed Attribute appears. Tags included in Data Elements Signed shall be listed in the order in which they appear within the Data Set.
The following Data Elements shall not be included either implicitly or explicitly in the list of Tags in Data Elements Signed, nor included as part of the MAC calculation:
The Length to End (0008,0001) or any Tag with an element number of 0000 (i.e., no Data Set or group lengths may be included in MAC calculations)
Tags with a group number less than 0008
Tags associated with Data Elements whose VR is UN
Tags of Data Elements whose VR is SQ, where any Data Element within that Sequence of Items has a VR of UN recursively
Tags with a group number of FFFA (e.g., the Digital Signatures Sequence)
MAC Parameters Sequence (4FFE,0001)
Data Set Trailing Padding (FFFC,FFFC)
Item Delimitation Item (FFFE,E00D)
The Length to End and group lengths can change if non-signed Data Elements change, so it is not appropriate to include them in the MAC calculation.
Since the Data Element Tags that identify a Sequence and the start of each Item are included in the MAC calculation, there is no need to include the Item Delimitation Item Tags.
If any of the Data Element Tags in the list refer to a Sequence of Items, then the Tags of all Data Elements within all Items of that Sequence shall be implicitly included in the list of Data Elements Signed, except those disallowed above. This implicit list shall also include the Item Tag (FFFE,E000) Data Elements that separate the Sequence Items and the Sequence Delimitation Item (FFFE,E0DD).
It is possible to sign individual Items within a Sequence by including the Digital Signatures Macro in that Sequence Item. In fact, this is a highly desirable feature, particular when used in the context of reports. The Digital Signatures Macro is applied at the Data Set level, and Sequences of Items are merely Data Sets embedded within a larger Data Set. Essentially, the Digital Signatures Macro may be applied recursively.
An example of nesting Digital Signatures within Data Elements is illustrated in Figure C.12-1.
Figure C.12-1. Example of Nesting Digital Signatures (Informative)
In this example, there is main signature covering the pixel data and a few other Data Elements, plus two individually signed Items within a Sequence.
For Data Elements with a VR OB (e. g. pixel data) that have an undefined length (i.e., the data is encapsulated as described in PS3.5), the Item Data Element Tags that separate the fragments shall implicitly be included in the list of Data Elements Signed (i.e., a Data Element with a VR of OB is encoded in the same fashion as a Sequence of Items).
To generate the MAC, Data Elements referenced either explicitly or implicitly by the Tags in the Data Elements Signed (0400,0020) list shall be encoded using the Transfer Syntax identified by the MAC Calculation Transfer Syntax UID (0400,0010) of the MAC Parameters Sequence (0400,0010) Item where the Data Elements Signed (0400,0020) Attribute appears. Data shall be formed into a byte stream and presented to the algorithm specified by MAC Algorithm (0400,0015) for computation of the MAC according to the following rules:
For all Data Elements except those with a VR of SQ or with a VR of OB with an undefined length, all Data Element fields, including the Tag, the VR, the reserved field (if any), the Value Length, and the Value, shall be placed into the byte stream in the order encountered.
For Data Elements with a VR of SQ or with a VR of OB with an undefined length, the Tag, the VR, and the reserved field are placed into the byte stream. The Value Length shall not be included. This is followed by each Item Tag in the order encountered, without including the Value Length, followed by the contents of the Value for that Item. In the case of an Item within a Data Element whose VR is SQ, these rules are applied recursively to all of the Data Elements within the Value of that Item. After all the Items have been incorporate into the byte stream, a Sequence Delimitation Item Tag (FFFE,E0DD) shall be added to the byte stream presented to the MAC Algorithm, regardless of whether or not it was originally present.
Since the Value Length of Data Elements with a VR of SQ can be either explicit or undefined, the Value Lengths of such Data Elements are left out of the MAC calculation. Similarly, the Value Length of Data Elements with a VR of OB with an undefined length are also left out so that they are handled consistently. If such Data Elements do come with undefined lengths, including the Item Tags that separate the Items or fragments insures that Data Elements cannot be moved between Items or Fragments without compromising the Digital Signature. For those Data Elements with explicit lengths, if the length of an Item changes, the added or removed portions would also impact the MAC calculation, so it is not necessary to include explicit lengths in the MAC calculation. It is possible that including the Value Lengths could make cryptanalysis easier.
After the fields of all the Data Elements in the Data Elements Signed list have been placed into the byte stream presented to the MAC Algorithm according to the above rules, all of the Data Elements within the Digital Signatures Sequence Item except the Certificate of Signer (0400,0115), Signature (0400,0120), Certified Timestamp Type (0400,0305), and Certified Timestamp (0400,0310) shall also be encoded according to the above rules, and presented to the MAC algorithm (i.e., the Attributes of the Digital Signature Sequence Item for this particular Digital Signature are also implicitly included in the list of Data Elements Signed, except as noted above).
The resulting MAC code after processing this byte stream by the MAC Algorithm is then encrypted as specified in the Certificate of Signer and placed in the Value of the Signature Data Element.
The Transfer Syntax used in the MAC calculation may differ from the Transfer Syntax used to exchange the Data Set.
Digital Signatures require explicit VR in order to calculate the MAC. An Application Entity that receives a Data Set with an implicit VR Transfer Syntax may not be able to verify Digital Signatures that include Private Data Elements or Data Elements unknown to that Application Entity. This also true of any Data Elements whose VR is UN. Without knowledge of the Value Representation, the receiving Application Entity would be unable to perform proper byte swapping or be able to properly parse Sequences in order to generate a MAC.
If more than one entity signs, each Digital Signature would appear in its own Digital Signatures Sequence Item. The Digital Signatures may or may not share the same MAC Parameters Sequence Item.
The notion of a notary public (i.e., someone who verifies the identity of the signer) for Digital Signatures is partially filled by the authority that issued the Certificate of Signer.
Table C.12.1.1.3.1.2-1 lists the Defined Terms for MAC Algorithm (0400,0015).
Table C.12.1.1.3.1.2-1. Defined Terms for MAC Algorithm (0400,0015)
Defined Term |
Reference |
---|---|
RIPEMD160 |
|
MD5 |
NoteSee also security considerations in [RFC6151]. The use of MD5 is no longer recommended. |
SHA1 |
|
SHA224 |
|
SHA256 |
|
SHA384 |
|
SHA512 |
|
SHA512_224 |
|
SHA512_256 |
|
SHA3_224 |
|
SHA3_256 |
|
SHA3_384 |
|
SHA3_512 |
Security Profiles (see PS3.15) may restrict or extend the list of MAC algorithms that are permitted or required by a specific profile.
To generate a certified timestamp, the Value of the Signature (0400,0120) Attribute is transmitted to a third party, as specified by the protocol referred to by the Certified Timestamp Type (0400,0305) Attribute. The third party then generates and returns a certified timestamp in the form specified by that protocol. The certified timestamp returned by the third party is encoded as a stream of bytes in the Certified Timestamp Attribute.
The timestamp protocol may be specified by a Profile in PS3.15.
To generate the MAC, Data Elements referenced either explicitly or implicitly by the Tags in the Data Elements Signed (0400,0020) list shall be encoded using the Transfer Syntax identified by the MAC Calculation Transfer Syntax UID (0400,0010) of the MAC Parameters Sequence (0400,0010) Item where the Data Elements Signed (0400,0020) Attribute appears. Data shall be formed into a byte stream and presented to the algorithm specified by MAC Algorithm (0400,0015) for computation of the MAC according to the following rules:
For all Data Elements except those with a VR of SQ or with a VR of OB with an undefined length, all Data Element fields, including the Tag, the VR, the reserved field (if any), the Value Length, and the Value, shall be placed into the byte stream in the order encountered.
For Data Elements with a VR of SQ or with a VR of OB with an undefined length, the Tag, the VR, and the reserved field are placed into the byte stream. The Value Length shall not be included. This is followed by each Item Tag in the order encountered, without including the Value Length, followed by the contents of the Value for that Item. In the case of an Item within a Data Element whose VR is SQ, these rules are applied recursively to all of the Data Elements within the Value of that Item. After all the Items have been incorporate into the byte stream, a Sequence Delimitation Item Tag (FFFE,E0DD) shall be added to the byte stream presented to the MAC Algorithm, regardless of whether or not it was originally present.
Since the Value Length of Data Elements with a VR of SQ can be either explicit or undefined, the Value Lengths of such Data Elements are left out of the MAC calculation. Similarly, the Value Length of Data Elements with a VR of OB with an undefined length are also left out so that they are handled consistently. If such Data Elements do come with undefined lengths, including the Item Tags that separate the Items or fragments insures that Data Elements cannot be moved between Items or Fragments without compromising the Digital Signature. For those Data Elements with explicit lengths, if the length of an Item changes, the added or removed portions would also impact the MAC calculation, so it is not necessary to include explicit lengths in the MAC calculation. It is possible that including the Value Lengths could make cryptanalysis easier.
After the fields of all the Data Elements in the Data Elements Signed list have been placed into the byte stream presented to the MAC Algorithm according to the above rules, all of the Data Elements within the Digital Signatures Sequence Item except the Certificate of Signer (0400,0115), Signature (0400,0120), Certified Timestamp Type (0400,0305), and Certified Timestamp (0400,0310) shall also be encoded according to the above rules, and presented to the MAC algorithm (i.e., the Attributes of the Digital Signature Sequence Item for this particular Digital Signature are also implicitly included in the list of Data Elements Signed, except as noted above).
The resulting MAC code after processing this byte stream by the MAC Algorithm is then encrypted as specified in the Certificate of Signer and placed in the Value of the Signature Data Element.
The Transfer Syntax used in the MAC calculation may differ from the Transfer Syntax used to exchange the Data Set.
Digital Signatures require explicit VR in order to calculate the MAC. An Application Entity that receives a Data Set with an implicit VR Transfer Syntax may not be able to verify Digital Signatures that include Private Data Elements or Data Elements unknown to that Application Entity. This also true of any Data Elements whose VR is UN. Without knowledge of the Value Representation, the receiving Application Entity would be unable to perform proper byte swapping or be able to properly parse Sequences in order to generate a MAC.
If more than one entity signs, each Digital Signature would appear in its own Digital Signatures Sequence Item. The Digital Signatures may or may not share the same MAC Parameters Sequence Item.
The notion of a notary public (i.e., someone who verifies the identity of the signer) for Digital Signatures is partially filled by the authority that issued the Certificate of Signer.
Table C.12.1.1.3.1.2-1 lists the Defined Terms for MAC Algorithm (0400,0015).
Table C.12.1.1.3.1.2-1. Defined Terms for MAC Algorithm (0400,0015)
Defined Term |
Reference |
---|---|
RIPEMD160 |
|
MD5 |
NoteSee also security considerations in [RFC6151]. The use of MD5 is no longer recommended. |
SHA1 |
|
SHA224 |
|
SHA256 |
|
SHA384 |
|
SHA512 |
|
SHA512_224 |
|
SHA512_256 |
|
SHA3_224 |
|
SHA3_256 |
|
SHA3_384 |
|
SHA3_512 |
Security Profiles (see PS3.15) may restrict or extend the list of MAC algorithms that are permitted or required by a specific profile.