FHIRsmith: Library/Library-ExampleSignatureLibrary.json

FHIR © HL7.org |

FHIRsmith 4.0.1 | Server Home | XIG Home | XIG Stats |

FHIR IG analytics

Package	hl7.fhir.uv.crmi
Resource Type	Library
Id	Library-ExampleSignatureLibrary.json
FHIR Version	R4

Resources that use this resource

No resources found

Resources that this resource uses

No resources found

Narrative

Note: links and images are rebased to the (stated) source

Id: ExampleSignatureLibrary

Version: 2.0.0-ballot

Url: ExampleSignatureLibrary

Id:	ExampleSignatureLibrary
Version:	2.0.0-ballot
Url:	ExampleSignatureLibrary
	urn:oid:2.16.840.1.113883.4.642.40.38.28.13
Type:	system: http://terminology.hl7.org/CodeSystem/library-type code: logic-library
Date:	2026-02-25 21:22:55+0000
Publisher:	HL7 International / Clinical Decision Support
Description:	This example now demonstrates how to properly attach an artifact signature to a FHIR Library resource using the CRMI signature extension. The generated SHA256 checksum of the current resource (which excludes `id`, `text`, and `meta`), in minified JSON form is: `892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca` The signature `data` value after base64 decoding is a JWT: eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q The decoded JWT payload contains the following fields: `iss`: The issuer of the signature, which is the CRMI server URL. `hash`: The SHA256 checksum of the resource in minified JSON form. `{ "iss": "https://localhost:3000/oidc", "hash": "892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca" }` The signature is created using the private key of the CRMI server, ensuring the integrity and authenticity of the resource. Clients can verify JWT signature using the public key provided by the CRMI server, and then verify the SHA256 checksum against the resource's content to ensure it has not been altered.
Jurisdiction:	001

urn:oid:2.16.840.1.113883.4.642.40.38.28.13

Type:

system: http://terminology.hl7.org/CodeSystem/library-type

code: logic-library

Date: 2026-02-25 21:22:55+0000

Publisher: HL7 International / Clinical Decision Support

Description:

This example now demonstrates how to properly attach an artifact signature to a FHIR Library resource using the CRMI signature extension.

The generated SHA256 checksum of the current resource (which excludes id, text, and meta), in minified JSON form is:

892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca

The signature data value after base64 decoding is a JWT:

eyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q

The decoded JWT payload contains the following fields:

iss: The issuer of the signature, which is the CRMI server URL.
hash: The SHA256 checksum of the resource in minified JSON form.

{
  "iss": "https://localhost:3000/oidc",
  "hash": "892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca"
}

The signature is created using the private key of the CRMI server, ensuring the integrity and authenticity of the resource. Clients can verify JWT signature using the public key provided by the CRMI server, and then verify the SHA256 checksum against the resource's content to ensure it has not been altered.

Jurisdiction: 001

Source1

{
  "resourceType": "Library",
  "id": "ExampleSignatureLibrary",
  "meta": {
    "extension": [
      {
        "url": "http://hl7.org/fhir/uv/crmi/StructureDefinition/crmi-artifact-signature",
        "valueSignature": {
          "type": [
            {
              "system": "http://uri.etsi.org/01903/v1.2.2",
              "code": "ProofOfCreation"
            }
          ],
          "when": "2025-05-12T10:17:55.135Z",
          "who": {
            "display": "CRMI Server"
          },
          "sigFormat": "application/jwt",
          "data": "ZXlKaGJHY2lPaUpTVXpNNE5DSjkuZXlKcGMzTWlPaUpvZEhSd2N6b3ZMMnh2WTJGc2FHOXpkRG96TURBd0wyOXBaR01pTENKb1lYTm9Jam9pT0RreVl6azRaVGcyTmpCak0ySTROR1k0T0dObVptTTBOelU1T0Rnd1pXRTJaamN6WVdaaE9XWTFPR0UxWldVMVpHUXlaamhpTjJNME9ESTFNR1JqWVNKOS5UNTgxX1prUWVlN1JuSnBlUG5BcERJZ1d0SENPNkdVRmx0SEYzcmlNMHdFRUFNdVZLOFg2M09yQlpwUk1DRlpXd0o5X1JRazNKbzlxNFR5dTVXeG5aYUZ4eUgwY0RDczIxZ0Z1Q3RVYW5SZjRqZXAyWmZTaGpWam1tOTBBR3lBeno2RWVUb2RwV3lOTDQ4SnNfX1pTbUs4SGFoa0ZvczVEV1pkaTkzQlphbE9QdlItcEFuektneHlycmtkbUxGWkJqS0M2ZHJ6cWhmVHlUWTBQMnlMWlYweDZYM2J0dmtkY2NpOF90cUtEbDh4ejg0R3V0NGlIcjBmaXZQN0NiekJvSU82RGx3MWdTY0ZXYUU5QVRSRHZrVG5TWXUzSlZwdE1abzR4Z0tockwzWlFrdHJRWm0xQ0lROHRuTW41aENkVDdXLUR5c2VqeHhIOXQxMjhGWUJBMVEK"
        }
      }
    ]
  },
  "text": {
    "status": "extensions",
    "div": "<!-- snip (see above) -->"
  },
  "url": "http://hl7.org/fhir/uv/crmi/Library/ExampleSignatureLibrary",
  "identifier": [
    {
      "system": "urn:ietf:rfc:3986",
      "value": "urn:oid:2.16.840.1.113883.4.642.40.38.28.13"
    }
  ],
  "version": "2.0.0-ballot",
  "status": "active",
  "type": {
    "coding": [
      {
        "system": "http://terminology.hl7.org/CodeSystem/library-type",
        "code": "logic-library"
      }
    ]
  },
  "date": "2026-02-25T21:22:55+00:00",
  "publisher": "HL7 International / Clinical Decision Support",
  "contact": [
    {
      "telecom": [
        {
          "system": "url",
          "value": "http://www.hl7.org/Special/committees/dss"
        }
      ]
    }
  ],
  "description": "This example now demonstrates how to properly attach an artifact signature to a\nFHIR Library resource using the CRMI signature extension.\n\nThe generated SHA256 checksum of the current resource (which excludes `id`,\n`text`, and `meta`), in minified JSON form is:\n```\n892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca\n```\n\nThe signature `data` value after base64 decoding is a JWT:\n```\neyJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDozMDAwL29pZGMiLCJoYXNoIjoiODkyYzk4ZTg2NjBjM2I4NGY4OGNmZmM0NzU5ODgwZWE2ZjczYWZhOWY1OGE1ZWU1ZGQyZjhiN2M0ODI1MGRjYSJ9.T581_ZkQee7RnJpePnApDIgWtHCO6GUFltHF3riM0wEEAMuVK8X63OrBZpRMCFZWwJ9_RQk3Jo9q4Tyu5WxnZaFxyH0cDCs21gFuCtUanRf4jep2ZfShjVjmm90AGyAzz6EeTodpWyNL48Js__ZSmK8HahkFos5DWZdi93BZalOPvR-pAnzKgxyrrkdmLFZBjKC6drzqhfTyTY0P2yLZV0x6X3btvkdcci8_tqKDl8xz84Gut4iHr0fivP7CbzBoIO6Dlw1gScFWaE9ATRDvkTnSYu3JVptMZo4xgKhrL3ZQktrQZm1CIQ8tnMn5hCdT7W-DysejxxH9t128FYBA1Q\n```\n\nThe decoded JWT payload contains the following fields:\n- `iss`: The issuer of the signature, which is the CRMI server URL.\n- `hash`: The SHA256 checksum of the resource in minified JSON form.\n```\n{\n  \"iss\": \"https://localhost:3000/oidc\",\n  \"hash\": \"892c98e8660c3b84f88cffc4759880ea6f73afa9f58a5ee5dd2f8b7c48250dca\"\n}\n```\n\nThe signature is created using the private key of the CRMI server, ensuring the\nintegrity and authenticity of the resource. Clients can verify JWT signature\nusing the public key provided by the CRMI server, and then verify the SHA256\nchecksum against the resource's content to ensure it has not been altered.",
  "jurisdiction": [
    {
      "coding": [
        {
          "system": "http://unstats.un.org/unsd/methods/m49/m49.htm",
          "code": "001",
          "display": "World"
        }
      ]
    }
  ]
}

FHIR © HL7.org 2011+. | FHIRsmith 4.0.1 © HealthIntersections.com.au 2023+ | XIG built as of 2026-04-07 | 262,381 resources in 1,414 packages | (30 ms)