Stored in a file, it should begin with "cm/encrypted" [encoding/MAGIC].
-include [schemas/encrypted.tcl]\r
+<< [schemas/encrypted.tcl]\r
"/payload" contains the ciphertext. It is encrypted with random "content
encryption key" (CEK) with an algorithm specified in "/dem/a" (data
Stored in a file, it should begin with "cm/hashed" [encoding/MAGIC].
-include [schemas/hashed.tcl]\r
+<< [schemas/hashed.tcl]\r
"/a" tells what algorithms will be used to hash the data.
"/t" tells the type of the data inside.
Balloon-BLAKE2b+HKDF KEM.
-include [schemas/kem-balloon-blake2b-hkdf.tcl]\r
+<< [schemas/kem-balloon-blake2b-hkdf.tcl]\r
Balloon memory-hardened password hasher must be used with BLAKE2b hash.
=> https://crypto.stanford.edu/balloon/ Balloon\r
GOST R 34.10+HKDF KEM.
-include [schemas/kem-gost3410-hkdf.tcl]\r
+<< [schemas/kem-gost3410-hkdf.tcl]\r
GOST R 34.10-2012 VKO parameter set A/C ("gost3410-256A", "gost3410-512C")
must be used for DH operation, with UKM taken from the structure. VKO's
Classic McEliece 6960-119+X25519+HKDF-SHAKE256 KEM.
-include [schemas/kem-with-encap.tcl]\r
+<< [schemas/kem-with-encap.tcl]\r
"/kem/*/a" equals to "mceliece6960119-x25519-hkdf-shake256".
Recipient public key with [cm/pub/mceliece6960119-x25519]
PBKDF2 KEM.
-include [schemas/kem-pbkdf2.tcl]\r
+<< [schemas/kem-pbkdf2.tcl]\r
PBKDF2 is RFC 2898 algorithm.
Key length equal to key wrapping algorithm requirements.
SNTRUP4591761+X25519+HKDF-BLAKE2b KEM.
-include [schemas/kem-with-encap.tcl]\r
+<< [schemas/kem-with-encap.tcl]\r
"/kem/*/a" equals to "sntrup4591761-x25519-hkdf-blake2b".
Recipient public key with [cm/pub/sntrup4591761-x25519]
Private key container.
-include [schemas/av.tcl]\r
+<< [schemas/av.tcl]\r
Stored in a file, it should begin with "cm/prv" [encoding/MAGIC].
Its "/load/t" equals to "pub". "/load/v" contains "cm/pub/load":
-include [schemas/pub-load.tcl]\r
+<< [schemas/pub-load.tcl]\r
sub:
Subject is a map of arbitrary strings. Currently no constraints on
[cm/signed/]'s "sig-tbs" *must* contain additional fields:
-include [schemas/pub-sig-tbs.tcl]\r
+<< [schemas/pub-sig-tbs.tcl]\r
sid: Signing public key's fingerprint.
cid: Certification unique identifier. UUIDv7 is a good choice.
Stored in a file, it should begin with "cm/signed" [encoding/MAGIC],
unless it is a [cm/pub/]lic key.
-include [schemas/av.tcl]\r
-include [schemas/fpr.tcl]\r
-include [schemas/signed.tcl]\r
+<< [schemas/av.tcl]\r
+<< [schemas/fpr.tcl]\r
+<< [schemas/signed.tcl]\r
Signature is created by signing the:
cm/signed/prehash || BLOB(detached-data) || cm/signed
-include [schemas/signed-prehash.tcl]\r
+<< [schemas/signed-prehash.tcl]\r
With "cm/signed/prehash" you initialise your hashers used during signing
process and feed BLOB's contents (not the encoded BLOB itself!) into the them.
* It *should* differentiate binary and human-readable strings.
* It *would* be nice to have human-editable intermediate representation.
-include [ComparisonWithOtherCodecs]\r
+<<[ComparisonWithOtherCodecs]\r
[INSTALL]
[encoding/]
and [cm/pub/] as:
-include [schemas/pub.tcl]\r
-include [schemas/fpr.tcl]\r
-include [schemas/pub-load.tcl]\r
-include [schemas/pub-sig-tbs.tcl]\r
+<< [schemas/pub.tcl]\r
+<< [schemas/fpr.tcl]\r
+<< [schemas/pub-load.tcl]\r
+<< [schemas/pub-sig-tbs.tcl]\r
schema.tcl calls "schemas {s0 cmds0 s1 cmds1 ...}"
commands to produce an encoded map with "cmds*" commands for