* Ability to safely encrypt to multiple recipients
Stored in a file, it should begin with "cm/encrypted" [encoding/MAGIC].
-[schemas/encrypted.tcl]
+
+include [schemas/encrypted.tcl]\r
"/payload" contains the ciphertext. It is encrypted with random "content
encryption key" (CEK) with an algorithm specified in "/dem/a" (data
=> https://datatracker.ietf.org/doc/html/rfc5652 CMS\r
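Review bot: the `include` keyword introduced at `+include [schemas/encrypted.tcl]` is not explained in any visible line of this change, so a reader cannot tell how it differs from the bare `[schemas/encrypted.tcl]` reference it replaces. Add a sentence to the description of the doc format (or to the commit message) stating what `include` does with the named file, since the same substitution is repeated for every schema below.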
Stored in a file, it should begin with "cm/hashed" [encoding/MAGIC].
-[schemas/hashed.tcl]
+
+include [schemas/hashed.tcl]\r
+
"/a" tells what algorithms will be used to hash the data.
"/t" tells the type of the data inside.
"/hash" contains the hash values for all corresponding "/a" algorithms.
Balloon-BLAKE2b+HKDF KEM.
-[schemas/kem-balloon-blake2b-hkdf.tcl]
+
+include [schemas/kem-balloon-blake2b-hkdf.tcl]\r
+
Balloon memory-hardened password hasher must be used with BLAKE2b hash.
=> https://crypto.stanford.edu/balloon/ Balloon\r
GOST R 34.10+HKDF KEM.
-[schemas/kem-gost3410-hkdf.tcl]
+
+include [schemas/kem-gost3410-hkdf.tcl]\r
+
GOST R 34.10-2012 VKO parameter set A/C ("gost3410-256A", "gost3410-512C")
must be used for DH operation, with UKM taken from the structure. VKO's
output is 512- or 1024-bit "BE(X)||BE(Y)" point, used in HKDF below:
Classic McEliece 6960-119+X25519+HKDF-SHAKE256 KEM.
-[schemas/kem-with-encap.tcl]
+
+include [schemas/kem-with-encap.tcl]\r
+
"/kem/*/a" equals to "mceliece6960119-x25519-hkdf-shake256".
Recipient public key with [cm/pub/mceliece6960119-x25519]
algorithm must be used. It should have "kem" key usage set.
PBKDF2 KEM.
-[schemas/kem-pbkdf2.tcl]
+
+include [schemas/kem-pbkdf2.tcl]\r
+
PBKDF2 is RFC 2898 algorithm.
Key length equal to key wrapping algorithm requirements.
=> https://datatracker.ietf.org/doc/html/rfc2898 RFC 2898\r
SNTRUP4591761+X25519+HKDF-BLAKE2b KEM.
-[schemas/kem-with-encap.tcl]
+
+include [schemas/kem-with-encap.tcl]\r
+
"/kem/*/a" equals to "sntrup4591761-x25519-hkdf-blake2b".
Recipient public key with [cm/pub/sntrup4591761-x25519]
algorithm must be used. It should have "kem" key usage set.
Private key container.
-[schemas/av.tcl]
+
+include [schemas/av.tcl]\r
+
Stored in a file, it should begin with "cm/prv" [encoding/MAGIC].
do-backs\r
Stored in a file, it should begin with "cm/pub" [encoding/MAGIC].
Its "/load/t" equals to "pub". "/load/v" contains "cm/pub/load":
-[schemas/pub-load.tcl]
+
+include [schemas/pub-load.tcl]\r
sub:
Subject is a map of arbitrary strings. Currently no constraints on
ones may be placed outside that map, directly in cm/pub/load.
It *must* be absent if empty. Values are extension specific.
-[cm/signed/]'s "sig-tbs" *must* contain additional fields: [schemas/pub-sig-tbs.tcl]
+[cm/signed/]'s "sig-tbs" *must* contain additional fields:
+
+include [schemas/pub-sig-tbs.tcl]\r
sid: Signing public key's fingerprint.
cid: Certification unique identifier. UUIDv7 is a good choice.
Stored in a file, it should begin with "cm/signed" [encoding/MAGIC],
unless it is a [cm/pub/]lic key.
-[schemas/av.tcl] [schemas/fpr.tcl] [schemas/signed.tcl]
+include [schemas/av.tcl]\r
+include [schemas/fpr.tcl]\r
+include [schemas/signed.tcl]\r
Signature is created by signing the:
cm/signed/prehash || BLOB(detached-data) || cm/signed
-[schemas/signed-prehash.tcl]
+include [schemas/signed-prehash.tcl]\r
With "cm/signed/prehash" you initialise your hashers used during signing
process and feed BLOB's contents (not the encoded BLOB itself!) into the them.
}
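Review bot: the context sentence right after `+include [schemas/signed-prehash.tcl]` still reads "into the them". Since this change already touches the paragraph, drop the stray "the" so it reads "feed BLOB's contents (not the encoded BLOB itself!) into them".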
and [cm/pub/] as:
-[schemas/pub.tcl]
-[schemas/fpr.tcl]
-[schemas/pub-load.tcl]
-[schemas/pub-sig-tbs.tcl]
+
+include [schemas/pub.tcl]\r
+include [schemas/fpr.tcl]\r
+include [schemas/pub-load.tcl]\r
+include [schemas/pub-sig-tbs.tcl]\r
schema.tcl calls "schemas {s0 cmds0 s1 cmds1 ...}"
commands to produce an encoded map with "cmds*" commands for
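Review bot: `schemas/fpr.tcl` is included in this block and also a few lines earlier, next to `schemas/av.tcl` and `schemas/signed.tcl`, and `schemas/pub-load.tcl` and `schemas/pub-sig-tbs.tcl` are likewise included in the cm/pub hunks above. If `include` pulls the file's text into the page, the same schema will be shown more than once; confirm that is intended, or keep the full include in one place and refer back to it from the others.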