docs+security: clarify the SafeBag format specification
Rename CertificateV2 => Certificate and EncryptedKeyBag => EncryptedKey
Change-Id: I47dca47ddd4542b5548061373e469bb386fa20bf
diff --git a/docs/specs/certificate.rst b/docs/specs/certificate.rst
index 9233b75..2808bc8 100644
--- a/docs/specs/certificate.rst
+++ b/docs/specs/certificate.rst
@@ -45,20 +45,20 @@
.. code-block:: abnf
- CertificateV2 = DATA-TYPE TLV-LENGTH
- Name ; /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
- MetaInfo ; ContentType == KEY, FreshnessPeriod required
- CertificateV2Content
- CertificateV2SignatureInfo
- SignatureValue
+ Certificate = DATA-TYPE TLV-LENGTH
+ Name ; /<IdentityName>/KEY/<KeyId>/<IssuerId>/<Version>
+ MetaInfo ; ContentType == KEY, FreshnessPeriod required
+ CertificateContent
+ CertificateSignatureInfo
+ SignatureValue
- CertificateV2Content = CONTENT-TYPE TLV-LENGTH SubjectPublicKeyInfo
+ CertificateContent = CONTENT-TYPE TLV-LENGTH SubjectPublicKeyInfo
- CertificateV2SignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
+ CertificateSignatureInfo = SIGNATURE-INFO-TYPE TLV-LENGTH
SignatureType
KeyLocator
ValidityPeriod
- *CertificateV2Extension
+ *CertificateExtension
Name
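Review bot: Dropping the V2 qualifier from the grammar names (Certificate, CertificateContent, CertificateSignatureInfo, CertificateExtension) is a pure rename with no change to the TLV layout, but nothing in this hunk says so; add one sentence next to the code block stating that the encoding and type numbers are unchanged from the previously documented CertificateV2 format, so implementers do not read this as a new certificate version. Please also check the rest of the docs and any cross-references for remaining `CertificateV2` spellings, since a half-applied rename is worse than either name.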
@@ -103,8 +103,8 @@
Content
-------
-The ``Content`` element of a certificate contains the actual bits of the public key, formatted
-as a DER-encoded `SubjectPublicKeyInfo <https://tools.ietf.org/html/rfc5280#section-4.1.2.7>`__
+The ``Content`` element of a certificate contains the actual bits of the public key, formatted as
+a DER-encoded `SubjectPublicKeyInfo <https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7>`__
structure.
SignatureInfo
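Review bot: The only substantive change here is the link target (tools.ietf.org to datatracker.ietf.org), but re-wrapping the paragraph turns it into two rewritten lines; keep the original line breaks so the hunk is limited to the URL, or move the re-wrap into a separate whitespace-only commit so the link change stays easy to audit.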
@@ -176,7 +176,7 @@
.. code-block:: abnf
- CertificateV2Extension = AdditionalDescription
+ CertificateExtension = AdditionalDescription
AdditionalDescription = ADDITIONAL-DESCRIPTION-TYPE TLV-LENGTH
1*DescriptionEntry
diff --git a/docs/specs/safe-bag.rst b/docs/specs/safe-bag.rst
index 6cc6773..04e3c4e 100644
--- a/docs/specs/safe-bag.rst
+++ b/docs/specs/safe-bag.rst
@@ -1,24 +1,24 @@
SafeBag Format for Exported Credentials
=======================================
-Sometimes, one may need to export credentials (e.g., certificate and private key) from
-one machine, and import them into another machine. This requires a secured container for
-sensitive information. We define **SafeBag**, which contains both an NDN certificate
-(:doc:`version 2.0 <certificate>`) and the corresponding private key, which is encrypted
-in `PKCS #8 format <https://tools.ietf.org/html/rfc5208>`_.
+Sometimes it may be necessary to export an identity's credentials (i.e., private key and
+associated certificate) from one machine and import them into another. This requires a
+secure container to carry the sensitive information. We define **SafeBag**, which contains
+an :doc:`NDN certificate </specs/certificate>` and the corresponding private key in encrypted
+form. The private key is formatted as a DER-encoded
+`EncryptedPrivateKeyInfo <https://datatracker.ietf.org/doc/html/rfc5208#section-6>`__
+structure as described in PKCS #8.
-The format of **SafeBag** is defined as:
+The TLV-based format of ``SafeBag`` is defined as follows:
.. code-block:: abnf
SafeBag = SAFE-BAG-TYPE TLV-LENGTH
- CertificateV2
- EncryptedKeyBag
+ Certificate
+ EncryptedKey
- EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
- *OCTET ; private key encrypted in PKCS #8 format
-
-All TLV-TYPE numbers are application specific:
+ EncryptedKey = ENCRYPTED-KEY-TYPE TLV-LENGTH
+ *OCTET ; PKCS #8 EncryptedPrivateKeyInfo
+---------------------------------------------+------------------+-----------------+
| Type | Assigned number | Assigned number |
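Review bot: The rewritten paragraph and the `EncryptedKey` rule say what the blob is but still leave two gaps an importer needs closed. First, nothing in the SafeBag TLV binds the `Certificate` to the `EncryptedKey`: the certificate's Content carries a SubjectPublicKeyInfo and the key is an opaque `*OCTET ; PKCS #8 EncryptedPrivateKeyInfo`, so the spec should require that an importer decrypt the key and verify it corresponds to the public key in the accompanying certificate before installing either, and should say which PKCS #8 encryption schemes (e.g. PBES2 from PKCS #5) an importer must accept, since EncryptedPrivateKeyInfo alone permits any AlgorithmIdentifier. Second, removing `All TLV-TYPE numbers are application specific:` leaves the type-number table with no lead-in sentence; keep a one-liner such as `The TLV-TYPE numbers are assigned from the application-specific range:` before the table.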
@@ -26,5 +26,5 @@
+=============================================+==================+=================+
| SafeBag | 128 | 0x80 |
+---------------------------------------------+------------------+-----------------+
-| EncryptedKeyBag | 129 | 0x81 |
+| EncryptedKey | 129 | 0x81 |
+---------------------------------------------+------------------+-----------------+
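Review bot: Keeping 129 / 0x81 makes the EncryptedKeyBag to EncryptedKey rename wire-compatible, and that is worth stating in a sentence under the table so existing encoders and decoders are known to be unaffected. While touching the table, the header row shown in the preceding hunk labels both numeric columns `Assigned number`, leaving the reader to infer that the first is decimal and the second hexadecimal; label them `Assigned number (decimal)` and `Assigned number (hex)`.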