4. Including a Message Signature in a Message

HTTP message signatures can be included within an HTTP message via the Signature-Input and Signature fields, both defined within this specification.

The Signature-Input field identifies the covered components and parameters that describe how the signature was generated, while the Signature field contains the signature value. Each field MAY contain multiple labeled values.

An HTTP message signature is identified by a label within an HTTP message. This label MUST be unique within a given HTTP message and MUST be used in both the Signature-Input field and the Signature field. The label is chosen by the signer, except where a specific label is dictated by protocol negotiations such as those described in Section 5.

An HTTP message signature MUST use both the Signature-Input field and the Signature field, and each field MUST contain the same labels. The presence of a label in one field but not the other is an error.

4. Including a Message Signature in a Message​

4. Including a Message Signature in a Message