Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 01cea502cad96c0f4cf8fa02b81c89197a28040a / . / docs / specs / safe-bag.rst
blob: 04e3c4e6a89fb471f6cd69eb9e3baad0e41c0de5 [file] [log] [blame]
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]1SafeBag Format for Exported Credentials
2=======================================
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]3
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]4Sometimes it may be necessary to export an identity's credentials (i.e., private key and
5associated certificate) from one machine and import them into another. This requires a
6secure container to carry the sensitive information. We define **SafeBag**, which contains
7an :doc:`NDN certificate </specs/certificate>` and the corresponding private key in encrypted
8form. The private key is formatted as a DER-encoded
9`EncryptedPrivateKeyInfo <https://datatracker.ietf.org/doc/html/rfc5208#section-6>`__
10structure as described in PKCS #8.
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]11
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]12The TLV-based format of ``SafeBag`` is defined as follows:
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]13
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]14.. code-block:: abnf
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]15
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]16 SafeBag = SAFE-BAG-TYPE TLV-LENGTH
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]17 Certificate
18 EncryptedKey
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]19
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]20 EncryptedKey = ENCRYPTED-KEY-TYPE TLV-LENGTH
21 *OCTET ; PKCS #8 EncryptedPrivateKeyInfo
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]22
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]23+---------------------------------------------+------------------+-----------------+
24| Type | Assigned number | Assigned number |
25| | (decimal) | (hexadecimal) |
26+=============================================+==================+=================+
27| SafeBag | 128 | 0x80 |
28+---------------------------------------------+------------------+-----------------+
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]29| EncryptedKey | 129 | 0x81 |
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]30+---------------------------------------------+------------------+-----------------+