Encrypted content
Change-Id: Iabe169a07abd2237a3573b51efc0ad6ae31c85e2
diff --git a/docs/spec.rst b/docs/spec.rst
index b1733e4..30e398d 100644
--- a/docs/spec.rst
+++ b/docs/spec.rst
@@ -2,3 +2,43 @@
=================
TBD
+
+Terminology
+-----------
+
++-----------------+------------------------------------------------------------------------------------------+
+| Term | Description |
++=================+==========================================================================================+
+| KEK | Key Encryption Key (RSA public key) |
++-----------------+------------------------------------------------------------------------------------------+
+| KDK | Key Decryption Key (RSA private key) |
++-----------------+------------------------------------------------------------------------------------------+
+| CK | Content Key (AES symmetric key) |
++-----------------+------------------------------------------------------------------------------------------+
+| CK data | Data packet carrying a KDK-encrypted CK as payoad |
++-----------------+------------------------------------------------------------------------------------------+
+| Access Manager | (Data Owner) Entity that control access to the data associated with the namespace |
++-----------------+------------------------------------------------------------------------------------------+
+| Encryptor | (Producer) Entity that encrypts data based on namespace association |
++-----------------+------------------------------------------------------------------------------------------+
+| Decryptor | (Consumer) Entity that decrypts data based on namespace association |
++-----------------+------------------------------------------------------------------------------------------+
+
+EncryptedContent
+-----------------
+
+The ``EncryptedContent`` element contains encrypted blob, optional Initial Vector (for AES CBC encryption),
+optional EncryptedPayloadKey, and Name elements.
+
+::
+
+ EncryptedContent ::= ENCRYPTED-CONTENT-TYPE TLV-LENGTH
+ EncryptedPayload
+ InitialVector
+ EncryptedPayloadKey
+ Name
+
+ InitialVector ::= INITIAL-VECTOR-TYPE TLV-LENGTH(=N) BYTE{N}
+ EncryptedPayload ::= ENCRYPTED-PAYLOAD-TYPE TLV-LENGTH(=N) BYTE{N}
+ EncryptedPayloadKey ::= ENCRYPTED-PAYLOAD-KEY-TYPE TLV-LENGTH(=N) BYTE{N}
+ InitialVector ::= INITIAL-VECTOR-TYPE TLV-LENGTH(=N) BYTE{N}
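Review bot: The EncryptedContent grammar lists InitialVector and EncryptedPayloadKey as plain members, while the paragraph above it calls both optional, so a parser written from the grammar will reject packets that omit them. Mark the optional elements in the grammar itself (for example with a trailing `?`), and say whether Name is also optional, since the sentence "optional EncryptedPayloadKey, and Name elements" can be read either way. The last line repeats the `InitialVector ::= INITIAL-VECTOR-TYPE TLV-LENGTH(=N) BYTE{N}` rule already given three lines earlier; drop the duplicate. In the Terminology table, the "CK data" row describes a "KDK-encrypted CK", but KDK is defined as the RSA private key and KEK as the RSA public key, so the CK would be expected to be encrypted under the KEK and decrypted with the KDK; please confirm and correct the row. Smaller points in the same table and paragraph: "payoad" should be "payload", "Entity that control" should be "controls", and "Initial Vector" is normally written "Initialization Vector". Since the IV is tied to AES CBC here, it would also help to state the expected IV length and whether it must be unique per payload.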