=> PUBKEY-SSH.pub.asc\r
=> https://www.openssh.com/ OpenSSH\r
=> https://gnupg.org/ GnuPG\r
-=> https://datatracker.ietf.org/doc/html/rfc5854 Metalink4\r
+=> https://datatracker.ietf.org/doc/html/rfc5854.html Metalink4\r
[cm/signed/] .sig file can be verified with:
=> PUBKEY-CM.pub\r
=> https://datatracker.ietf.org/doc/html/rfc5869.html RFC 5869, HKDF\r
=> https://datatracker.ietf.org/doc/html/rfc7693.html RFC 7693, BLAKE2b\r
-=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha XChaCha20-Poly1305 AEAD\r
+=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha.html XChaCha20-Poly1305 AEAD\r
=> https://datatracker.ietf.org/doc/html/rfc8439.html RFC 8439\r
=> https://datatracker.ietf.org/doc/html/rfc5869.html RFC 5869, HKDF\r
=> https://datatracker.ietf.org/doc/html/rfc7693.html RFC 7693, BLAKE2b\r
-=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha XChaCha20-Poly1305 AEAD\r
+=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha.html XChaCha20-Poly1305 AEAD\r
=> https://datatracker.ietf.org/doc/html/rfc8439.html RFC 8439\r
Merkle trees are very convenient way to parallelise data hashing.
RFC 9162 is used as a base for all Merkle-tree based hashers.
-=> https://datatracker.ietf.org/doc/html/rfc9162 RFC 9162\r
+=> https://datatracker.ietf.org/doc/html/rfc9162.html RFC 9162\r
By default 128KiB chunks are used.
do-backs\r
Integrity protected container, analogue to ASN.1-based CMS DigestedData.
-=> https://datatracker.ietf.org/doc/html/rfc5652 CMS\r
+=> https://datatracker.ietf.org/doc/html/rfc5652.html CMS\r
Stored in a file, it should begin with "cm/hashed" [encoding/MAGIC].
Classic McEliece 6960-119 + X25519 + HKDF-SHAKE256 KEM.
=> https://classic.mceliece.org/ Classic McEliece\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
=> https://datatracker.ietf.org/doc/html/rfc5869.html RFC 5869, HKDF\r
=> https://keccak.team/ SHAKE XOF function\r
Streamlined NTRU Prime 761 + X25519 + HKDF-BLAKE2b KEM.
=> https://ntruprime.cr.yp.to/ Streamlined NTRU Prime KEM algorithm\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
=> https://datatracker.ietf.org/doc/html/rfc5869.html RFC 5869, HKDF\r
=> https://datatracker.ietf.org/doc/html/rfc7693.html RFC 7693, BLAKE2b\r
"/kem/*/cek" is wrapped with [cm/keywrap/xchapoly] mechanism.
KEM combiner nearly fully resembles:
-=> https://datatracker.ietf.org/doc/draft-josefsson-chempat/ Chempat\r
+=> https://datatracker.ietf.org/doc/draft-josefsson-chempat/.html Chempat\r
XChaCha20-Poly1305 key wrapping mechanism.
Key is encrypted using XChaCha20-Poly1305 algorithm.
-=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha XChaCha20-Poly1305\r
+=> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha.html XChaCha20-Poly1305\r
Random 192-bit nonce is prepended to the ciphertext.
KEK has 256-bit length.
[cm/prv/] with Ed25519-BLAKE2b.
32-byte Ed25519 private key is used, as described in EdDSA RFC.
In many libraries it is called "seed".
-=> https://datatracker.ietf.org/doc/html/rfc8032 EdDSA\r
+=> https://datatracker.ietf.org/doc/html/rfc8032.html EdDSA\r
"ed25519-blake2b" algorithm identifier is used, however actually no
hash is involved in private key storage.
[cm/prv/] with Classic McEliece 6960-119 + X25519.
=> https://classic.mceliece.org/ Classic McEliece\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
Concatenation of Classic McEliece 6960-119 13948-byte private key
and X25519's 32-byte one.
"mceliece6960119-x25519" algorithm identifier is used.
[cm/prv/] with Streamlined NTRU Prime 761 + X25519.
=> https://ntruprime.cr.yp.to/ NTRU Prime\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
It is a concatenation of SNTRUP's 1763-byte and X25519's 32-byte keys.
"sntrup761-x25519" algorithm identifier is used.
[cm/pub/] with Classic McEliece 6960-119 + X25519.
=> https://classic.mceliece.org/ Classic McEliece\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
Combined Classic McEliece 6960-119 and X25519 public keys are used
for KEM purposes, so should have "kem" key usage set.
[cm/pub/] with Streamlined NTRU Prime 761 + X25519.
=> https://ntruprime.cr.yp.to/ Streamlined NTRU Prime KEM algorithm\r
-=> https://datatracker.ietf.org/doc/html/rfc7748 X25519\r
+=> https://datatracker.ietf.org/doc/html/rfc7748.html X25519\r
Combined Streamlined NTRU Prime 761 and X25519 public keys are
used for KEM purposes, so should have "kem" key usage set.
EdDSA with Edwards25519 is used similarly as in RFC 8032.
But BLAKE2b is used instead of SHA2-512 hash.
-=> https://datatracker.ietf.org/doc/html/rfc8032 RFC 8032, EdDSA\r
+=> https://datatracker.ietf.org/doc/html/rfc8032.html RFC 8032, EdDSA\r
Strict ZIP-0215 validation rules should be used while verifying the signature.
=> https://zips.z.cash/zip-0215 ZIP-0215\r
=> https://www.JSON.org/json-en.html JSON\r
=> https://bsonspec.org/ BSON\r
=> https://msgpack.org/ MessagePack\r
-=> https://datatracker.ietf.org/doc/html/rfc8949 CBOR\r
-=> https://datatracker.ietf.org/doc/html/draft-mcnally-deterministic-cbor-11 dCBOR\r
+=> https://datatracker.ietf.org/doc/html/rfc8949.html CBOR\r
+=> https://datatracker.ietf.org/doc/html/draft-mcnally-deterministic-cbor-11.html dCBOR\r
=> http://cr.yp.to/proto/netstrings.txt Netstrings\r
=> https://wiki.theory.org/BitTorrentSpecification#Bencoding Bencode\r
=> https://en.wikipedia.org/wiki/Canonical_S-expressions Canonical S-expressions\r
16-byte binary strings, which will be pretty printed as UUID or
IPv6 address.
-=> https://datatracker.ietf.org/doc/html/rfc9562 UUID\r
+=> https://datatracker.ietf.org/doc/html/rfc9562.html UUID\r
Application is left responsible for UUID validation.
Check that chosen (if it exists) element's value equals to binary
string "v".
-=> https://datatracker.ietf.org/doc/html/rfc8610 CDDL\r
+=> https://datatracker.ietf.org/doc/html/rfc8610.html CDDL\r
For example let's check "our" structure, described in CDDL as:
ai = text .gt 0