When a signature is required for an object, the designated fields of the object are taken, encoded in the standard way (see below) and concatenated together in the designated order. The resulting block of data is called the fingerprint of the object. It is signed with the private key of the respective user.
The encoding is designed in such a way so that any two different objects produce different fingerprints. This prevents object malleability — to make it impossible to change the object while the signature remains valid.
The fingerprint is a structure consisting of fields in a fixed order. Every field may be of one of primitive types, a structure, or an array of any type. The encoding of the supported types is described below.
Null value of any type is encoded as one-byte value
Boolean value is one byte:
value < 0xFC
value <= 0xFFFF
value <= 0xFFFF FFFF
value > 0xFFFF FFFF
Encoded as an array of bytes. The length of the array is present, as for every other array of bytes, but will be the same for all hashes using the same algorithm.
IPv4 or IPv6 address, encoded as an array of bytes in network order.