Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / dbe645f879e6906945a07935b5da344f8801afd4 / . / docs / specs / safe-bag.rst
blob: 6cc6773bc959394a36d0c90009c046c35070df1b [file] [log] [blame]
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]1SafeBag Format for Exported Credentials
2=======================================
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]3
4Sometimes, one may need to export credentials (e.g., certificate and private key) from
5one machine, and import them into another machine. This requires a secured container for
6sensitive information. We define **SafeBag**, which contains both an NDN certificate
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]7(:doc:`version 2.0 <certificate>`) and the corresponding private key, which is encrypted
8in `PKCS #8 format <https://tools.ietf.org/html/rfc5208>`_.
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]9
10The format of **SafeBag** is defined as:
11
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]12.. code-block:: abnf
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]13
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]14 SafeBag = SAFE-BAG-TYPE TLV-LENGTH
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]15 CertificateV2
Junxiao Shi9a04dda2019-07-02 15:18:20 +0000[diff] [blame]16 EncryptedKeyBag
17
18 EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]19 *OCTET ; private key encrypted in PKCS #8 format
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]20
Davide Pesavento933a5672020-07-03 22:32:43 -0400[diff] [blame]21All TLV-TYPE numbers are application specific:
Yingdi Yu55ea01a2015-07-21 22:42:17 -0700[diff] [blame]22
Davide Pesaventocad94b02021-04-09 21:23:03 -0400[diff] [blame]23+---------------------------------------------+------------------+-----------------+
24| Type | Assigned number | Assigned number |
25| | (decimal) | (hexadecimal) |
26+=============================================+==================+=================+
27| SafeBag | 128 | 0x80 |
28+---------------------------------------------+------------------+-----------------+
29| EncryptedKeyBag | 129 | 0x81 |
30+---------------------------------------------+------------------+-----------------+