.. Yingdi Yu | 55ea01a | 2015-07-21 22:42:17 -0700

Export/Import Credentials
=========================

Sometimes, one may need to export credentials (e.g., certificate and private key) from
one machine and import them into another machine. This requires a secure container for
the sensitive information. We define **SafeBag**, which contains both an NDN certificate
(:doc:`version 2.0 <certificate-format>`) and the corresponding private
key, encrypted in `PKCS#8 format <https://tools.ietf.org/html/rfc5208>`_.

The format of **SafeBag** is defined as:

::

    SafeBag ::= SAFE-BAG-TYPE TLV-LENGTH
                  Certificate      ; a data packet following certificate format spec
                  EncryptedKeyBag  ; private key encrypted in PKCS#8 format

All TLV-TYPE codes are application specific:

+---------------------------------------------+-------------------+----------------+
| TLV-TYPE                                    | Assigned code     | Assigned code  |
|                                             | (decimal)         | (hexadecimal)  |
+=============================================+===================+================+
| SafeBag                                     | 128               | 0x80           |
+---------------------------------------------+-------------------+----------------+
| EncryptedKeyBag                             | 129               | 0x81           |
+---------------------------------------------+-------------------+----------------+
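
An added example, not part of the original document or of the project's code: a strict Python parser that splits a SafeBag into its two elements and rejects anything that does not match the layout above. It assumes the standard NDN TLV VAR-NUMBER encoding and that the Certificate is a Data packet with TLV-TYPE 6; the function names and sample bytes are constructed for illustration.

```python
SAFE_BAG, ENCRYPTED_KEY_BAG = 128, 129  # TLV-TYPE codes from the table above
DATA = 6  # assumption: NDN Data packet TLV-TYPE, taken from the NDN packet format


def read_var(buf, pos):
    """Decode one NDN TLV VAR-NUMBER (1, 3, 5 or 9 octets) starting at pos."""
    if pos >= len(buf):
        raise ValueError("truncated VAR-NUMBER")
    first = buf[pos]
    size = {253: 2, 254: 4, 255: 8}.get(first, 0)
    if size == 0:
        return first, pos + 1
    end = pos + 1 + size
    if end > len(buf):
        raise ValueError("truncated VAR-NUMBER")
    return int.from_bytes(buf[pos + 1:end], "big"), end


def read_tlv(buf, pos):
    """Return (type, value, next_pos); reject a length that overruns the buffer."""
    typ, pos = read_var(buf, pos)
    length, pos = read_var(buf, pos)
    if pos + length > len(buf):
        raise ValueError("TLV-LENGTH exceeds available bytes")
    return typ, buf[pos:pos + length], pos + length


def parse_safe_bag(wire):
    """Split a SafeBag into (certificate_wire, encrypted_key_bytes)."""
    typ, body, end = read_tlv(wire, 0)
    if typ != SAFE_BAG or end != len(wire):
        raise ValueError("not a single SafeBag element")
    cert_type, _, cert_end = read_tlv(body, 0)
    key_type, key, key_end = read_tlv(body, cert_end)
    if (cert_type, key_type) != (DATA, ENCRYPTED_KEY_BAG) or key_end != len(body):
        raise ValueError("SafeBag must hold exactly Certificate then EncryptedKeyBag")
    return body[:cert_end], key  # the certificate keeps its own TLV header


def tlv(typ, value):
    """Encoder for the constructed sample; handles lengths below 65536."""
    n = len(value)
    head = bytes([n]) if n < 253 else b"\xfd" + n.to_bytes(2, "big")
    return bytes([typ]) + head + value


# Constructed sample: placeholder bytes, not a real certificate or PKCS#8 blob.
SAMPLE_CERT = tlv(DATA, b"C" * 300)
SAMPLE_KEY = b"K" * 40
SAMPLE_BAG = tlv(SAFE_BAG, SAMPLE_CERT + tlv(ENCRYPTED_KEY_BAG, SAMPLE_KEY))
```

The parser only separates the elements; the returned key bytes are still the encrypted PKCS#8 structure, and the certificate still needs to be decoded and checked against the decrypted key before import.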