Canonical Resource Management Infrastructure Implementation Guide
2.0.0-ballot - STU 2 - Ballot

This page is part of the Canonical Resource Management Infrastructure Implementation Guide (v2.0.0-ballot: STU 2 Ballot) based on FHIR (HL7® FHIR® Standard) R4. This version is a pre-release. The current official version is 1.0.0. For a full list of available versions, see the Directory of published versions.

ExampleSignatureLibrary - JSON Representation

Page standards status: Informative


{
  "resourceType" : "Library",
  "id" : "ExampleSignatureLibrary",
  "meta" : {
    "extension" : [
      {
        "url" : "http://hl7.org/fhir/uv/crmi/StructureDefinition/crmi-artifact-signature",
        "valueSignature" : {
          "type" : [
            {
              "system" : "http://uri.etsi.org/01903/v1.2.2",
              "code" : "ProofOfCreation"
            }
          ],
          "when" : "2025-05-12T10:17:55.135Z",
          "who" : {
            "display" : "CRMI Server"
          },
          "sigFormat" : "application/jwt",
          "data" : "ZXlKaGJHY2lPaUpTVXpNNE5DSjkuZXlKcGMzTWlPaUpvZEhSd2N6b3ZMMnh2WTJGc2FHOXpkRG96TURBd0wyOXBaR01pTENKb1lYTm9Jam9pT0RreVl6azRaVGcyTmpCak0ySTROR1k0T0dObVptTTBOelU1T0Rnd1pXRTJaamN6WVdaaE9XWTFPR0UxWldVMVpHUXlaamhpTjJNME9ESTFNR1JqWVNKOS5UNTgxX1prUWVlN1JuSnBlUG5BcERJZ1d0SENPNkdVRmx0SEYzcmlNMHdFRUFNdVZLOFg2M09yQlpwUk1DRlpXd0o5X1JRazNKbzlxNFR5dTVXeG5aYUZ4eUgwY0RDczIxZ0Z1Q3RVYW5SZjRqZXAyWmZTaGpWam1tOTBBR3lBeno2RWVUb2RwV3lOTDQ4SnNfX1pTbUs4SGFoa0ZvczVEV1pkaTkzQlphbE9QdlItcEFuektneHlycmtkbUxGWkJqS0M2ZHJ6cWhmVHlUWTBQMnlMWlYweDZYM2J0dmtkY2NpOF90cUtEbDh4ejg0R3V0NGlIcjBmaXZQN0NiekJvSU82RGx3MWdTY0ZXYUU5QVRSRHZrVG5TWXUzSlZwdE1abzR4Z0tockwzWlFrdHJRWm0xQ0lROHRuTW41aENkVDdXLUR5c2VqeHhIOXQxMjhGWUJBMVEK"
        }
      }
    ]
  },
  "text" : {
    "status" : "extensions",
    "div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n<div>\n    <table class=\"grid dict\">\n        \n        \n\n        \n        \n        <tr>\n            <th scope=\"row\"><b>Id: </b></th>\n            <td style=\"padding-left: 4px;\">ExampleSignatureLibrary</td>\n        </tr>\n        \n\n        \n        \n        <tr>\n            <th scope=\"row\"><b>Version: </b></th>\n            <td style=\"padding-left: 4px;\">2.0.0-ballot</td>\n        </tr>\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Url: </b></th>\n            <td style=\"padding-left: 4px;\"><a href=\"Library-ExampleSignatureLibrary.html\">ExampleSignatureLibrary</a></td>\n        </tr>\n        \n\n        \n        <tr>\n            <th scope=\"row\">\n                <b>\n                    \n                        \n                    \n                </b>\n            </th>\n            <td style=\"padding-left: 4px;\">\n                \n                <p style=\"margin-bottom: 5px;\">\n                    <span>urn:oid:2.16.840.1.113883.4.642.40.38.28.13</span>\n                </p>\n                \n            </td>\n        </tr>\n        \n\n        \n\n        \n\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Type: </b></th>\n            <td style=\"padding-left: 4px;\">\n                \n                    \n                        \n                        <p style=\"margin-bottom: 5px;\">\n                            <b>system: </b> <span><a href=\"http://terminology.hl7.org/6.5.0/CodeSystem-library-type.html\">http://terminology.hl7.org/CodeSystem/library-type</a></span>\n                        </p>\n                        \n                        \n                        <p style=\"margin-bottom: 5px;\">\n                            <b>code: </b> <span>logic-library</span>\n                        </p>\n                        \n                        \n                    \n                \n                \n 
           </td>\n        </tr>\n        \n\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Date: </b></th>\n            <td style=\"padding-left: 4px;\">2025-08-01 18:39:13+0000</td>\n        </tr>\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Publisher: </b></th>\n            <td style=\"padding-left: 4px;\">HL7 International / Clinical Decision Support</td>\n        </tr>\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Description: </b></th>\n            <td style=\"padding-left: 4px;\"><div><p>This example now demonstrates how to properly attach an artifact signature to a\nFHIR Library resource using the CRMI signature extension.</p>\n<p>The generated SHA256 checksum of the current resource (which excludes <code>id</code>,\n<code>text</code>, and <code>meta</code>), in minified JSON form is:</p>\n<pre><code>892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca\n</code></pre>\n<p>The signature <code>data</code> value after base64 decoding is a JWT:</p>\n<pre><code>eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q\n</code></pre>\n<p>The decoded JWT payload contains the following fields:</p>\n<ul>\n<li><code>iss</code>: The issuer of the signature, which is the CRMI server URL.</li>\n<li><code>hash</code>: The SHA256 checksum of the resource in minified JSON form.</li>\n</ul>\n<pre><code>{\n  &quot;iss&quot;: &quot;https://localhost:3000/oidc&quot;,\n  &quot;hash&quot;: 
&quot;892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca&quot;\n}\n</code></pre>\n<p>The signature is created using the private key of the CRMI server, ensuring the\nintegrity and authenticity of the resource. Clients can verify JWT signature\nusing the public key provided by the CRMI server, and then verify the SHA256\nchecksum against the resource's content to ensure it has not been altered.</p>\n</div></td>\n        </tr>\n        \n\n        \n\n        \n\n        \n\n        \n        <tr>\n            <th scope=\"row\"><b>Jurisdiction: </b></th>\n            <td style=\"padding-left: 4px;\">001</td>\n        </tr>\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n\n        \n    </table>\n</div>\n</div>"
  },
  "url" : "http://hl7.org/fhir/uv/crmi/Library/ExampleSignatureLibrary",
  "identifier" : [
    {
      "system" : "urn:ietf:rfc:3986",
      "value" : "urn:oid:2.16.840.1.113883.4.642.40.38.28.13"
    }
  ],
  "version" : "2.0.0-ballot",
  "status" : "active",
  "type" : {
    "coding" : [
      {
        "system" : "http://terminology.hl7.org/CodeSystem/library-type",
        "code" : "logic-library"
      }
    ]
  },
  "date" : "2025-08-01T18:39:13+00:00",
  "publisher" : "HL7 International / Clinical Decision Support",
  "contact" : [
    {
      "telecom" : [
        {
          "system" : "url",
          "value" : "http://www.hl7.org/Special/committees/dss"
        }
      ]
    }
  ],
  "description" : "This example now demonstrates how to properly attach an artifact signature to a\nFHIR Library resource using the CRMI signature extension.\n\nThe generated SHA256 checksum of the current resource (which excludes `id`,\n`text`, and `meta`), in minified JSON form is:\n```\n892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca\n```\n\nThe signature `data` value after base64 decoding is a JWT:\n```\neyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q\n```\n\nThe decoded JWT payload contains the following fields:\n- `iss`: The issuer of the signature, which is the CRMI server URL.\n- `hash`: The SHA256 checksum of the resource in minified JSON form.\n```\n{\n  \"iss\": \"https://localhost:3000/oidc\",\n  \"hash\": \"892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca\"\n}\n```\n\nThe signature is created using the private key of the CRMI server, ensuring the\nintegrity and authenticity of the resource. Clients can verify JWT signature\nusing the public key provided by the CRMI server, and then verify the SHA256\nchecksum against the resource's content to ensure it has not been altered.",
  "jurisdiction" : [
    {
      "coding" : [
        {
          "system" : "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code" : "001",
          "display" : "World"
        }
      ]
    }
  ]
}