Data signing

Label data signing

When the label data has been created, it can be signed.

JWT

Signing is done via JSON Web Tokens, an open, industry standard RFC 7519 method for representing claims securely between two parties.

The website “jwt.io” holds all information on this standard. It includes a list of libraries for all programming languages.

Signing involves a private and a public certificate. The private certificate should be secured and protected and only used in one place, on the airline back-end. The public certificate must be shared with BAGTAG so it can be used to validate the data to be signed with the private certificate.

Creating JWT data

Below is a pseudo-code example on creating a signed JWT package.
// Create payload object
var payload = {
    "timeStamp":"2019-02-03T11:43:26Z",
    "pnr": "L9XCR2",
    "destinationName": "JFK",
    "sequenceNumber": "001",
    "licensePlateCode": "0220998547",
    "flightdate": "205",
    "flightdateYear": "2019",
    "issuingStation": "JNB",
    "flightData": "SA02042051115JFKX",
    "passengerNameData": "VANZANDT/CHRIS",
    "airlineFrequentFlyerLevel": "Q",
    "showGreenBars": null,
    "optionalData": null,
    "layoutField01": "PRIORITY"
};

// Read private key
var privateKey = ReadFile('private-key.pem');

// Set algorithm
var alg = JwsAlgorithm.RS512;

// Create JWT package
var signed = jwt.sign(payload, privateKey, alg);

/* signed =  
eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsIng1dCI6ImhDQk9NUVZQR19UbHNTNVhJZ0J3RUdpcy1J
VT0ifQ.eyJ0aW1lU3RhbXAiOiIyMDE5LTAyLTAzVDExOjQzOjI2WiIsInBuciI6Ikw5WENSMiIsImRlc
3RpbmF0aW9uTmFtZSI6IkpGSyIsInNlcXVlbmNlTnVtYmVyIjoiMDAxIiwibGljZW5zZVBsYXRlQ29kZ
SI6IjAyMjA5OTg1NDciLCJmbGlnaHRkYXRlIjoiMjA1IiwiZmxpZ2h0ZGF0ZVllYXIiOiIyMDE5Iiwia
XNzdWluZ1N0YXRpb24iOiJKTkIiLCJmbGlnaHREYXRhIjoiU0EwMjA0MjA1MTExNUpGS1giLCJwYXNzZ
W5nZXJOYW1lRGF0YSI6IlZBTlpBTkRUL0NIUklTIiwiYWlybGluZUZyZXF1ZW50Rmx5ZXJMZXZlbCI6I
lEiLCJzaG93R3JlZW5CYXJzIjpudWxsLCJvcHRpb25hbERhdGEiOm51bGwsImxheW91dEZpZWxkMDEiO
iJQUklPUklUWSJ9.zhaGhZsd6QIRUGzbbTipkj1p041siOes6bJr4i_Az7JizKJlrohncLwQev9VZspV
zD18n1EcVq3RpfQ3C3PSTIYcSCTn2cT1I16u1n_5DOt60NOPz8KK3-Zu2WfOeRcCkcbMJGKuuvFBz0w_
pNaNu-L6IB5cOhb2F-1avYTn36q8iDs_-KgeiEqLlS3XQ83iSz7t9MK2IWoZi4xggP8SXaz3xVKhqS7A
JjJUau5rQmcnOZQ16RABJ4AthzyytWazAcjiPwIUa8QmkXxobwBgbMWIoMOGh-r419NvEbi5Rs-Zes5P
mG-sjjjUl2VKudeuzF0dP7ub8NYzNSghXRsSbg */
The result from this code is a JWT-signed string that contains a header, payload and signature. This package should be send from the airline backend to the EBT Framework in the mobile app.

Validating

jwt.io can be used to verify a signed jwt package. You’ll need your public key in pem format and a JWT packaged signed with your private key. Paste your signed jwt package and public key into the appropriate boxes.

It is also possible to check the JWT data against the BAGTAG environment. After sending your certificate to BAGTAG you can verify the certificate is correctly installed with the following API call.

https://sdktest-api.bagtag.com/api/flightdatapackage/verify?jwt=eyJhbGciOiJSUzUx...

The api takes the signed jwt package string as its sole parameter ( ?jwt=eyJhbGci…etc ) via a GET request.

The api will verify your signature and report any error found. If no errors are found the decoded payload of your signed jwt package is echoed back.

Okay! What's next?

Create a certificate to try it out.



Any questions about integration? Reach out to integration@bagtag.com

We're here to help

Please fill in your details and we will contact you.