Implementation of an S-100 compatible Digital Signature Scheme for BAG files.

[brian-r-calder]

At the WG meeting at CHC'24, documented here, the WG agreed to move ahead with reintroducing functionality for a Digital Signature Scheme to the BAG support library. A DSS was a component of the original BAG specification, but was not part of the API 2.0 release due to limited resources to refactor the required code and replace the support library, which was by then unsupported by its primary developer.

In the meantime, the IHO has defined a DSS in S-100 part 15, along with encryption schemes (not required here), for all S-100 products. This functionality defines a FIPS 186-compatible scheme for signatures, and uses the OpenSSL package to support certificate generation, CA functionality, etc.

This request is therefore to:

1. Re-establish functionality for a FIPS-186/S-100 part 15 digital signature scheme within the BAG support library, based on the OpenSSL library.
2. Develop and incorporate tools to exercise the OpenSSL functionality in a manner compatible with S-100 part 15 to generate the CA root certificates, chain of trust, and data generator signing certificates.
3. Develop and incorporate tools to apply these certificates to BAG files, and to verify the signatures on a file.
4. Update the BAG FSD to reflect any changes necessary from the modifications above.
5. Provide user documentation for the tools at 2/3 in order to support their use in the field.

The goal of providing tools is not full functionality in a production mode, but to demonstrate how the certificate chain could be constructed for a separate organisation (e.g., a hydrographic office) as an alternative to using the IHO certificate authority, and to show how signatures can be added and verified.