NAC Specification
=================

TBD

Terminology
-----------

+-----------------+------------------------------------------------------------------------------------------+
| Term            | Description                                                                              |
+=================+==========================================================================================+
| KEK             | Key Encryption Key (RSA public key)                                                      |
+-----------------+------------------------------------------------------------------------------------------+
| KDK             | Key Decryption Key (RSA private key)                                                     |
+-----------------+------------------------------------------------------------------------------------------+
| CK              | Content Key (AES symmetric key)                                                          |
+-----------------+------------------------------------------------------------------------------------------+
| CK data         | Data packet carrying a KDK-encrypted CK as payload                                       |
+-----------------+------------------------------------------------------------------------------------------+
| Access Manager  | (Data Owner) Entity that controls access to the data associated with the namespace       |
+-----------------+------------------------------------------------------------------------------------------+
| Encryptor       | (Producer) Entity that encrypts data based on namespace association                      |
+-----------------+------------------------------------------------------------------------------------------+
| Decryptor       | (Consumer) Entity that decrypts data based on namespace association                      |
+-----------------+------------------------------------------------------------------------------------------+

EncryptedContent
-----------------

The ``EncryptedContent`` element contains an encrypted blob, an optional Initial Vector (for AES CBC encryption),
an optional EncryptedPayloadKey, and Name elements.

::

    EncryptedContent ::= ENCRYPTED-CONTENT-TYPE TLV-LENGTH
                           EncryptedPayload
                           InitialVector
                           EncryptedPayloadKey
                           Name

    InitialVector ::= INITIAL-VECTOR-TYPE TLV-LENGTH(=N) BYTE{N}
    EncryptedPayload ::= ENCRYPTED-PAYLOAD-TYPE TLV-LENGTH(=N) BYTE{N}
    EncryptedPayloadKey ::= ENCRYPTED-PAYLOAD-KEY-TYPE TLV-LENGTH(=N) BYTE{N}
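
A strict decoder for the grammar above, added here as an example and not taken from the NAC code base. The numeric TLV type values, the treatment of ``Name`` as optional, and the 16-byte IV check are assumptions; the specification text does not state them.

```python
# Added example; TLV type numbers are assumed placeholders, not from the page.
ENCRYPTED_CONTENT, ENCRYPTED_PAYLOAD = 130, 132
INITIAL_VECTOR, ENCRYPTED_PAYLOAD_KEY, NAME = 133, 134, 7
ORDER = [ENCRYPTED_PAYLOAD, INITIAL_VECTOR, ENCRYPTED_PAYLOAD_KEY, NAME]  # grammar order


def read_varnum(buf, pos):
    """Decode one NDN TLV variable-size number; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV header")
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    size = {253: 2, 254: 4, 255: 8}[first]
    if pos + 1 + size > len(buf):
        raise ValueError("truncated TLV header")
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size


def read_tlv(buf, pos):
    """Return (type, value, next_pos); reject a length that overruns buf."""
    typ, pos = read_varnum(buf, pos)
    length, pos = read_varnum(buf, pos)
    if length > len(buf) - pos:
        raise ValueError("TLV length exceeds available bytes")
    return typ, buf[pos:pos + length], pos + length


def parse_encrypted_content(wire):
    typ, body, end = read_tlv(wire, 0)
    if typ != ENCRYPTED_CONTENT or end != len(wire):
        raise ValueError("not a single EncryptedContent element")
    fields, pos, rank = {}, 0, -1
    while pos < len(body):
        typ, value, pos = read_tlv(body, pos)
        if typ not in ORDER or ORDER.index(typ) <= rank:
            raise ValueError("unexpected, duplicate or out-of-order element %d" % typ)
        rank = ORDER.index(typ)
        fields[typ] = value
    if ENCRYPTED_PAYLOAD not in fields:
        raise ValueError("EncryptedPayload is required")
    if len(fields.get(INITIAL_VECTOR, bytes(16))) != 16:  # AES block size (assumed check)
        raise ValueError("AES-CBC IV must be 16 bytes")
    return fields


def tlv(typ, value):
    """Encode a TLV for constructed samples (short form only, length < 253)."""
    return bytes([typ, len(value)]) + value
```

Rejecting duplicate, reordered, or over-long elements before any decryption keeps a malformed Data packet from reaching the AES or RSA code paths with attacker-chosen lengths.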