Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 02ed332ddd7cbd7d8574804bbbd87330690cd852 / . / docs / specs / safe-bag.rst
blob: 5d90ae7d0420b4a5f37cf98c73e3e934a448f860 [file] [log] [blame]
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]1SafeBag Format for Exported Credentials
2=======================================
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]3
Davide Pesavento576c21b2022-11-29 20:00:22 -0500[diff] [blame]4Sometimes it may be necessary to export an identity's credentials (i.e., private key and associated
5certificate) from one machine and import them into another. This requires a secure container to
6carry the sensitive information. For this purpose, we define the **SafeBag** format, which contains
Davide Pesavento02ed3322023-02-23 19:40:22 -0500[diff] [blame^]7an `NDN certificate <https://docs.named-data.net/NDN-packet-spec/0.3/certificate.html>`__ and the
Davide Pesavento576c21b2022-11-29 20:00:22 -0500[diff] [blame]8corresponding private key in encrypted form. The private key is formatted as a DER-encoded
9:rfc:`EncryptedPrivateKeyInfo <5208#section-6>` structure as described in PKCS #8.
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]10
Davide Pesavento576c21b2022-11-29 20:00:22 -0500[diff] [blame]11The TLV encoding of ``SafeBag`` is defined as follows:
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]12
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]13.. code-block:: abnf
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]14
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]15 SafeBag = SAFE-BAG-TYPE TLV-LENGTH
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]16 Certificate
17 EncryptedKey
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]18
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]19 EncryptedKey = ENCRYPTED-KEY-TYPE TLV-LENGTH
20 *OCTET ; PKCS #8 EncryptedPrivateKeyInfo
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]21
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]22+---------------------------------------------+------------------+-----------------+
23| Type | Assigned number | Assigned number |
24| | (decimal) | (hexadecimal) |
25+=============================================+==================+=================+
26| SafeBag | 128 | 0x80 |
27+---------------------------------------------+------------------+-----------------+
Davide Pesavento93101df2021-06-15 18:33:09 -0400[diff] [blame]28| EncryptedKey | 129 | 0x81 |
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]29+---------------------------------------------+------------------+-----------------+