D.8. Some Other Optional Tables
We shall leap all over the place in this section, since we shall describe all the optional TrueType tables that are not "advanced tables" (in the sense of OpenType and AAT).
D.8.1. The DSIG Table
The DSIG table (OpenType only) contains a digital signature of the font. The principle of digital signatures is as follows: the font's designer or vendor registers with a provider of digital signatures (such as VeriSign, Cybertrust, or another) and obtains two "keys": a private key and a public key. Using the private key, she produces the font's digital signature. Operating systems and other software that uses fonts will read the public key and use it to authenticate the font. In other words, they check that it does indeed correspond to the original data.
OpenType accepts PKCS#7 digital signatures with an X.509 certificate [308, 187].
TTX shows the contents of the DSIG table in the form of hexadecimal data, but at the same time it warns the user that the table will no longer be valid after conversion to TTF.
Microsoft freely distributes a tool [256] that digitally signs OpenType and TrueType fonts. The tool is free, but the certificate provided by VeriSign [339] costs the considerable annual sum of more than $430. And take note: before committing yourself, consider that you will never be able to stop your annual subscription if you do not want your users to be confronted with warning messages about a revoked certificate! We may well ask who are the greater ...
Get Fonts & Encodings now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.