
Sign a Protected Model

A digital signature is a method of verifying information about the origin of a digital message or file. You can digitally sign a protected model to allow the user of the model to verify:

  • That the model was created by you, the publisher that signed the model.

  • That the model was not changed after you signed it.

By using digital signature validation, the recipient can detect issues, such as an unfamiliar publisher or a tampered model, before opening or executing a protected model.

These parties interact in the digital signing workflow:

  • The creator of the protected model

  • The recipient who uses the protected model

  • An external certificate authority (CA) that the creator and the recipient trust

To exchange a protected model with certificate validation, they use this workflow:

  1. The certificate authority provides a digital certificate, which proves that a public key belongs to the creator of the model. The certificate authority also provides the corresponding public certificate to the model recipient.

  2. The creator signs the protected model by using the private key that corresponds to the public key in the certificate. The creator sends the signed protected model to the recipient.

  3. The recipient verifies the signature on the protected model. Verification compares the signature on the model to the certificate attached to the model and to the certificate of the CA. Verification fails if:

    • The protected model was changed after it was signed.

    • The protected model was not signed.

    • The protected model was signed with an expired certificate.

    • The protected model was self-signed with a certificate issued by the author.

    • The protected model was signed with a certificate for which the key usage does not include digital signing.

    • The protected model was signed with a missing or invalid certificate.

    • The certificate of the CA is missing in your system or is invalid.

As the model creator, you generate a public-private key pair and obtain a certificate for the public key from the CA. Then, you create a PKCS #12 file (.pfx file or .p12 file) that includes the private key and the certificate. Because the PKCS #12 file contains the private key, it is typically password-protected. Follow this workflow to sign your protected model before you send it to the recipient.

Sign Your Protected Model

To sign a protected model, use a certificate that is issued to you by a certificate authority (CA) that you and the user of the model both trust. If you sign a protected model using a self-signed certificate or a certificate issued by an internal CA, the recipient’s system must trust the certificate for the signature validation to succeed. Using a self-signed certificate to sign protected models is not recommended.

  1. Locate the PKCS #12 file that you or your organization created from the private key and the certificate. The file must have a .pfx or .p12 extension.

  2. Protect the model that you want to sign. The protected version of the model has the extension .slxp.

  3. Provide the password for the PKCS #12 file.

    Simulink.ModelReference.ProtectedModel.setPasswordForCertificate('certificate_file.pfx',...
    'password');

  4. Sign the model by using the PKCS #12 file.

    Simulink.ProtectedModel.sign('protected_model.slxp','certificate_file.pfx');

Your protected model is now signed with the PKCS #12 file. Do not change the protected model after you sign it. If you or another party changes the signed protected model, verification of the signature fails and the protected model cannot be used.

The recipient can verify the protected model by using the function Simulink.ProtectedModel.verifySignature or by selecting the Simulink® preference Verify digital signature of protected model before opening. For more information, see Reference Protected Models from Third Parties.
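
Several of the certificate conditions that make verification fail (an expired certificate, a self-signed certificate, key usage without digital signing) can be checked on the PKCS #12 file before you sign. The following is an added example, not MathWorks code: it uses the OpenSSL command-line tool, and the function names `check_pfx` and `make_demo_pfx`, the subject names, and the password are constructed for illustration.

```shell
# Added example. check_pfx FILE prints "ok", or the first problem found, for the
# signer certificate in a PKCS #12 file. The password comes from the PFX_PASS
# environment variable so that it never appears on a command line.
check_pfx() {
    leaf=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "cannot read PKCS #12 file or wrong password"; return 1; }
    [ -n "$leaf" ] || { echo "no certificate in file"; return 1; }
    # -checkend 0 fails when the notAfter date has already passed.
    printf '%s\n' "$leaf" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "certificate is expired"; return 1; }
    # A self-signed certificate names itself as its issuer.
    subj=$(printf '%s\n' "$leaf" | openssl x509 -noout -subject | sed 's/^subject= *//')
    iss=$(printf '%s\n' "$leaf" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" != "$iss" ] || { echo "certificate is self-signed"; return 1; }
    # Assumption: a certificate without a keyUsage extension is also rejected.
    printf '%s\n' "$leaf" | openssl x509 -noout -text \
        | grep -A1 'X509v3 Key Usage' | grep -q 'Digital Signature' \
        || { echo "key usage does not include Digital Signature"; return 1; }
    echo "ok"
}

# make_demo_pfx DIR builds constructed test material: a throwaway CA, a
# publisher certificate issued by it, and two PKCS #12 files.
make_demo_pfx() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Publisher" \
        -keyout "$d/pub.key" -out "$d/pub.csr" 2>/dev/null || return 1
    printf 'keyUsage=critical,digitalSignature\n' > "$d/ext.cnf"
    openssl x509 -req -in "$d/pub.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/pub.pem" 2>/dev/null || return 1
    # CA-issued signer certificate plus the CA certificate.
    openssl pkcs12 -export -inkey "$d/pub.key" -in "$d/pub.pem" -certfile "$d/ca.pem" \
        -passout env:PFX_PASS -out "$d/certificate_file.pfx" || return 1
    # Counter-case: a self-signed certificate packaged as the signer.
    openssl pkcs12 -export -inkey "$d/ca.key" -in "$d/ca.pem" \
        -passout env:PFX_PASS -out "$d/self_signed.pfx"
}

# Demo on constructed input; the password is a throwaway value.
export PFX_PASS='constructed-demo-password'
demo=$(mktemp -d) && make_demo_pfx "$demo"
check_pfx "$demo/certificate_file.pfx"
check_pfx "$demo/self_signed.pfx" || true
rm -rf "$demo"
```

These checks only inspect the signer certificate inside the file. They do not establish that the recipient's system trusts the issuing CA.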
