SafeBag Format for Exported Credentials
=======================================

Sometimes it may be necessary to export an identity's credentials (i.e., private key and associated
certificate) from one machine and import them into another. This requires a secure container to
carry the sensitive information. For this purpose, we define the **SafeBag** format, which contains
an `NDN certificate <https://named-data.net/doc/NDN-packet-spec/0.3/certificate.html>`__ and the
corresponding private key in encrypted form. The private key is formatted as a DER-encoded
:rfc:`EncryptedPrivateKeyInfo <5208#section-6>` structure as described in PKCS #8.

The TLV encoding of ``SafeBag`` is defined as follows:

.. code-block:: abnf

    SafeBag = SAFE-BAG-TYPE TLV-LENGTH
                Certificate
                EncryptedKey

    EncryptedKey = ENCRYPTED-KEY-TYPE TLV-LENGTH
                     *OCTET ; PKCS #8 EncryptedPrivateKeyInfo

+---------------------------------------------+------------------+-----------------+
| Type                                        | Assigned number  | Assigned number |
|                                             | (decimal)        | (hexadecimal)   |
+=============================================+==================+=================+
| SafeBag                                     | 128              | 0x80            |
+---------------------------------------------+------------------+-----------------+
| EncryptedKey                                | 129              | 0x81            |
+---------------------------------------------+------------------+-----------------+
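
A strict parser for the encoding above, added here as an example and not part of the original specification or its implementation: it splits a ``SafeBag`` into the certificate TLV and the PKCS #8 blob, rejecting truncated, overlong, reordered or trailing data before anything reaches a key importer. The Data TLV-TYPE ``0x06`` and the variable-size number rules are assumptions taken from the NDN packet specification, not from this page; the function names and the ``SAMPLE`` bytes are constructed for illustration.

```python
SAFE_BAG, ENCRYPTED_KEY = 0x80, 0x81  # assigned numbers from the table above
DATA = 0x06  # assumption: NDN Data TLV-TYPE, taken from the NDN packet spec

def read_varnum(buf, pos):
    """Decode one NDN variable-size number; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV number")
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    size = {253: 2, 254: 4, 255: 8}[first]
    end = pos + 1 + size
    if end > len(buf):
        raise ValueError("truncated TLV number")
    return int.from_bytes(buf[pos + 1:end], "big"), end

def read_tlv(buf, pos):
    """Return (type, value, next_pos); reject a length that overruns buf."""
    typ, pos = read_varnum(buf, pos)
    length, pos = read_varnum(buf, pos)
    if pos + length > len(buf):
        raise ValueError("TLV-LENGTH exceeds available bytes")
    return typ, buf[pos:pos + length], pos + length

def parse_safebag(wire):
    """Split a SafeBag into (certificate TLV, EncryptedPrivateKeyInfo DER)."""
    typ, body, end = read_tlv(wire, 0)
    if typ != SAFE_BAG or end != len(wire):
        raise ValueError("not exactly one SafeBag TLV")
    ctyp, _, cert_end = read_tlv(body, 0)
    if ctyp != DATA:
        raise ValueError("first element is not a certificate")
    ktyp, key, key_end = read_tlv(body, cert_end)
    if ktyp != ENCRYPTED_KEY or key_end != len(body):
        raise ValueError("expected one EncryptedKey closing the SafeBag")
    if key[:1] != b"\x30":  # EncryptedPrivateKeyInfo is a DER SEQUENCE
        raise ValueError("EncryptedKey is not a DER SEQUENCE")
    return body[:cert_end], key

def tlv(typ, value):
    """Encode a short TLV for the constructed sample (length < 253 only)."""
    return bytes([typ, len(value)]) + value

# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_CERT = tlv(DATA, b"placeholder-certificate")
SAMPLE_KEY = b"\x30\x03\x02\x01\x00"
SAMPLE = tlv(SAFE_BAG, SAMPLE_CERT + tlv(ENCRYPTED_KEY, SAMPLE_KEY))
```

The parser only checks framing; the returned key bytes are still encrypted and must be decrypted and matched against the certificate's public key by the importing code.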