docs+security: clarify the SafeBag format specification
Rename CertificateV2 => Certificate and EncryptedKeyBag => EncryptedKey
Change-Id: I47dca47ddd4542b5548061373e469bb386fa20bf
diff --git a/docs/specs/safe-bag.rst b/docs/specs/safe-bag.rst
index 6cc6773..04e3c4e 100644
--- a/docs/specs/safe-bag.rst
+++ b/docs/specs/safe-bag.rst
@@ -1,24 +1,24 @@
SafeBag Format for Exported Credentials
=======================================
-Sometimes, one may need to export credentials (e.g., certificate and private key) from
-one machine, and import them into another machine. This requires a secured container for
-sensitive information. We define **SafeBag**, which contains both an NDN certificate
-(:doc:`version 2.0 <certificate>`) and the corresponding private key, which is encrypted
-in `PKCS #8 format <https://tools.ietf.org/html/rfc5208>`_.
+Sometimes it may be necessary to export an identity's credentials (i.e., private key and
+associated certificate) from one machine and import them into another. This requires a
+secure container to carry the sensitive information. We define **SafeBag**, which contains
+an :doc:`NDN certificate </specs/certificate>` and the corresponding private key in encrypted
+form. The private key is formatted as a DER-encoded
+`EncryptedPrivateKeyInfo <https://datatracker.ietf.org/doc/html/rfc5208#section-6>`__
+structure as described in PKCS #8.
-The format of **SafeBag** is defined as:
+The TLV-based format of ``SafeBag`` is defined as follows:
.. code-block:: abnf
SafeBag = SAFE-BAG-TYPE TLV-LENGTH
- CertificateV2
- EncryptedKeyBag
+ Certificate
+ EncryptedKey
- EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
- *OCTET ; private key encrypted in PKCS #8 format
-
-All TLV-TYPE numbers are application specific:
+ EncryptedKey = ENCRYPTED-KEY-TYPE TLV-LENGTH
+ *OCTET ; PKCS #8 EncryptedPrivateKeyInfo
+---------------------------------------------+------------------+-----------------+
| Type | Assigned number | Assigned number |
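Review bot: the removed lead-in ``All TLV-TYPE numbers are application specific:`` has no replacement in this hunk, so the type-number table now follows the ABNF block with nothing saying what it lists or that the numbers are application-specific. Suggest keeping a one-line introduction before the table and retaining the application-specific remark if it still holds, since implementers allocating their own TLV types rely on it. Separately, the first paragraph drops "version 2.0" from the certificate link and the ABNF drops the ``V2`` suffix; if an importer is expected to accept only one certificate format, say so in the prose here rather than leaving it to the linked page.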
@@ -26,5 +26,5 @@
+=============================================+==================+=================+
| SafeBag | 128 | 0x80 |
+---------------------------------------------+------------------+-----------------+
-| EncryptedKeyBag | 129 | 0x81 |
+| EncryptedKey | 129 | 0x81 |
+---------------------------------------------+------------------+-----------------+
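Review bot: the renamed ``EncryptedKey`` row keeps 129 / 0x81, so the wire encoding is unchanged, but after this change the old name ``EncryptedKeyBag`` no longer appears anywhere in the visible text. Suggest a short remark near the table that the element was formerly named ``EncryptedKeyBag`` and that the rename does not affect the encoding, so readers comparing the spec with existing code or previously exported SafeBags can match the two. It would also help to tie the table rows explicitly to the ABNF terminals ``SAFE-BAG-TYPE`` and ``ENCRYPTED-KEY-TYPE``, which are otherwise never given a value.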