Skip to content

InstantWebP2P/nacl-cert

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AIoT NaCL Cert System Specification based on TweetNaCL

NaCL Certification System

Certification file format as JSON consists of description and signature parts

  • Description object defined as below
  {  
      // common part or request part  
        "version": string,       // version: '1.0'  
           "type": string,       // type: 'self', 'ca'  
            "tte": Date as ms,   // cert live time to expire from UTC 1970-01-01T00:00:00Z, ms  
             "ca": string        // CA domain name, like appnet.link,  
                                 // in case self-sign it MUST be filled in advance  
      "publickey": byte array,   // NACL Box public key to sign with CA,  
                                 // or Sign public key to sign by self  
          "names": string array, // domain name to ask sign, ignore for self-sign cert  
            "ips": string array, // domain ip address to ask sign, ignore for self-sign cert
           "macs": string array, // domain mac address to ask sign, ignore for self-sign cert  
              
      // append fields when sign  
            "gid": uuid string,  // cert global id: 16 bytes of uuid string  
       "signtime": Date as ms,   // signed time as ms from UTC 1970-01-01T00:00:00Z  
  }
  • Signature object defined as below
  {  
      signature: byte array      // NACL signature  
  }
  • Entire cert object defined as below
  {  
      desc: Description object,  
      sign: Signature object  
  }

Cert request object defined as Common part of Description

self-signed:  {  
     // common part or request part  
        "version": string,       // version: '1.0'  
           "type": 'self',       // type: 'self'  
            "tte": Date as ms,   // cert live time to expire from UTC 1970-01-01T00:00:00Z, ms  
             "ca": string        // CA domain name, like appnet.link  
      "publickey": byte array,   // NACL Sign public key to sign by self  
  }  
  
ca-signed:  {  
     // common part or request part  
        "version": string,       // version: '1.0'  
           "type": 'ca',         // type: 'ca'  
            "tte": Date as ms,   // cert live time to expire from UTC 1970-01-01T00:00:00Z, ms  
             "ca": string        // CA domain name, like appnet.link  
      "publickey": byte array,   // NACL box public key to sign
        
          "names": string array, // domain name to ask sign, ignore for self-sign cert      
            "ips": string array, // domain ip address to ask sign, ignore for self-sign cert
           "macs": string array, // domain mac address to ask sign, ignore for self-sign cert  
  }

Reference implementations

License

(MIT)

Copyright (c) 2014-present Tom Zhou([email protected])