Skip to content

[Documentation] Fix signature format documentation to match implementation#186

Open
vcolin7 wants to merge 1 commit intomodelcontextprotocol:mainfrom
vcolin7:patch-1
Open

[Documentation] Fix signature format documentation to match implementation#186
vcolin7 wants to merge 1 commit intomodelcontextprotocol:mainfrom
vcolin7:patch-1

Conversation

@vcolin7
Copy link

@vcolin7 vcolin7 commented Feb 7, 2026

Clarify the MCPB signature format in documentation

The signature format documentation in https://github.com/asklar/mcpb/tree/main/CLI.md#L116-L154 currently shows a simplified format that doesn't match the actual implementation. This PR corrects the documentation to accurately describe the binary signature structure.

Motivation and Context

The current documentation states that MCPB signatures use [Base64-encoded PKCS#7 signature], but the actual implementation uses:

  • A 4-byte little-endian length prefix before the signature
  • DER-encoded (raw binary) signatures, not Base64

This discrepancy causes issues for developers implementing MCPB signing outside of the official CLI. For example, Microsoft is integrating MCPB signing with our enterprise signing service (ESRP), and we discovered the documentation didn't match the actual format expected by mcpb verify.

The length prefix is essential because raw DER bytes could contain byte sequences that match MCPB_SIG_END, making parsing ambiguous without knowing the exact signature length.

How Has This Been Tested?

  • Verified by reading the source code in both the TypeScript implementation (writeUInt32LE/readUInt32LE) and the C#/.NET implementation (BitConverter.GetBytes/BitConverter.ToInt32)
  • Signed MCPB files using the correct format outside of the MCPB CLI and verified them with the CLI's mcpb verify command.

Breaking Changes

None. This is a documentation-only change that corrects the docs to match existing behavior.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

Current documentation (incorrect):

[Original MCPB ZIP content]
MCPB_SIG_V1
[Base64-encoded PKCS#7 signature]
MCPB_SIG_END

Proposed documentation (matches implementation):

[Original MCPB ZIP content]
MCPB_SIG_V1
[4-byte little-endian length prefix]
[DER-encoded PKCS#7 signature]
MCPB_SIG_END

@vcolin7
Update MCPB signature format description
19afbcd 
Clarify the MCPB signature format in documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vcolin7