.. Alexander Afanasyev | eee8c25 | 2013-11-21 23:22:41 +0000

.. _signature:

Signature
---------

.. code-block:: none

    Signature ::= SIGNATURE-TYPE TLV-LENGTH
                    ( DigestSha256 |
                      SignatureSha256WithRsa |
                      SignatureSha256WithRsaAndMerkle |
                      ...
                    )

Signature TLV is a general container for a signature, which contains an inner signature TLV.
The type field of the inner signature TLV indicates the signing method of the signature, for example:

- ``DigestSha256`` indicates that the integrity of Data is protected by a SHA-256 digest in ``DigestSha256``;

- ``SignatureSha256WithRsa`` indicates that the integrity and provenance of Data is protected by an RSA signature over a SHA-256 digest;

- ``SignatureSha256WithRsaAndMerkle`` indicates that the integrity and provenance of Data is protected by an RSA signature over a SHA-256-Merkle-Hash digest.

If some other types of signatures are required, a new inner signature TLV will be defined.


For each inner signature TLV, the last embedded TLV must be a SignatureBits TLV, for example:

.. code-block:: none

    DigestSha256 ::= DIGEST-SHA256-TYPE TLV-LENGTH(=32) SignatureBits(=BYTE[32])

    SignatureSha256WithRsa ::= SIGNATURE-SHA256-WITH-RSA-TYPE TLV-LENGTH
                                 KeyLocator
                                 SignatureBits(=BYTE[32])

    SignatureSha256WithRsaAndMerkle ::= SIGNATURE-SHA256-WITH-RSA-AND-MERKLE-TYPE
                                          TLV-LENGTH
                                          KeyLocator
                                          Witness
                                          SignatureBits(=BYTE[32])

Which fields are covered by the ``SignatureBits`` TLV is up to the signing mechanism.
A valid signing mechanism, however, must cover the following TLVs: Name, MetaInfo (if present), and Content.
Some signing mechanisms may also require the SignatureBits TLV to cover more TLVs.
For example, ``SignatureSha256WithRsa`` requires the KeyLocator TLV to be signed,
and ``SignatureSha256WithRsaAndMerkle`` requires both the KeyLocator TLV and the Witness TLV to be signed.

For inner signature TLVs that use public key cryptography, the first embedded TLV must be a KeyLocator TLV, e.g., as shown in ``SignatureSha256WithRsa`` and ``SignatureSha256WithRsaAndMerkle`` above.

.. code-block:: none

    KeyLocator ::= KEY-LOCATOR-TYPE TLV-LENGTH CertificateName |
                                              (other types of KeyLocators)
    CertificateName ::= CERTIFICATE-NAME-TYPE TLV-LENGTH Name

A KeyLocator tells where to find the public key to verify this Data packet.
For example, one can specify the name of the certificate of the public key (by CertificateName).
Name conventions can be used to find the name of the key for a piece of content from the name of the Data packet.

All the other embedded TLVs in an inner signature TLV (such as Witness) are signature-specific meta information and may vary from one signature type to another.

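As an added example (not part of this specification), the following Python builds a Signature TLV carrying a DigestSha256 inner TLV over constructed Name, MetaInfo and Content TLVs, then verifies it by checking that the last embedded TLV is a 32-byte SignatureBits and that the digest covers exactly those three fields. The numeric type codes and the variable-length number encoding are assumptions, since this section names types only symbolically.

```python
import hashlib
import hmac
# Type codes are placeholders for this example; the spec names them only symbolically.
NAME, META_INFO, CONTENT = 7, 20, 21
SIGNATURE, DIGEST_SHA256, SIGNATURE_BITS = 22, 1, 30

def encode_varnum(n):  # assumed NDN-TLV variable-length number, up to 4 bytes
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "big")
    return b"\xfe" + n.to_bytes(4, "big")

def decode_varnum(buf, pos):
    if buf[pos] < 253:
        return buf[pos], pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[buf[pos]]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "big"), pos + 1 + width

def tlv(t, value):
    return encode_varnum(t) + encode_varnum(len(value)) + value
def parse_tlvs(buf):
    out, pos = [], 0  # split a buffer into (type, value) pairs
    while pos < len(buf):
        t, pos = decode_varnum(buf, pos)
        length, pos = decode_varnum(buf, pos)
        out.append((t, buf[pos:pos + length]))
        pos += length
    return out

def sign_digest_sha256(name, meta_info, content):
    """Signature TLV whose DigestSha256 inner TLV covers Name, MetaInfo and Content."""
    digest = hashlib.sha256(name + meta_info + content).digest()
    return tlv(SIGNATURE, tlv(DIGEST_SHA256, tlv(SIGNATURE_BITS, digest)))

def verify_digest_sha256(name, meta_info, content, signature):
    outer = parse_tlvs(signature)
    if len(outer) != 1 or outer[0][0] != SIGNATURE:
        return False
    inner = parse_tlvs(outer[0][1])
    if len(inner) != 1 or inner[0][0] != DIGEST_SHA256:
        return False  # other signing methods are not handled in this example
    # The last embedded TLV must be SignatureBits; for DigestSha256 it is BYTE[32].
    embedded = parse_tlvs(inner[0][1])
    if not embedded or embedded[-1][0] != SIGNATURE_BITS or len(embedded[-1][1]) != 32:
        return False
    expected = hashlib.sha256(name + meta_info + content).digest()
    return hmac.compare_digest(embedded[-1][1], expected)

# Constructed sample Data fields, already TLV-encoded (8 = a NameComponent, also assumed).
NAME_TLV, META_TLV, CONTENT_TLV = tlv(NAME, tlv(8, b"example")), tlv(META_INFO, b""), tlv(CONTENT, b"hello")
```

Pass ``b""`` as ``meta_info`` when MetaInfo is absent, so the digest still covers exactly the fields that are present.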
Changes from CCNx
~~~~~~~~~~~~~~~~~

- ``Signature`` is moved to the end of the Data packet.

- ``KeyLocator`` is moved into the inner signature block, making the inner signature block self-contained and self-sufficient.

- Signature type (or signing method information) is expressed by the type of the inner signature TLV, rather than by an OID.

- Added support for cheaper signatures.