From 57e7c8316abaf40c1067598f043f2c7a8f7866e0ac6633730786de5047487637 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Fri, 21 Feb 2025 15:19:03 +0300 Subject: [PATCH] Widen public key fingerprints To safely use them in pinning and forgetting about possible collisions. --- go/cm/cmd/enctool/main.go | 28 +++++++++++++------------- go/cm/cmd/keytool/main.go | 3 +-- go/cm/cmd/sigtool/basic.t | 12 ++++++----- go/cm/cmd/sigtool/main.go | 24 ++++++++++------------ go/cm/enc/balloon/decap.go | 4 ++-- go/cm/enc/enc.go | 9 ++++----- go/cm/enc/kem.go | 12 +++++------ go/cm/sign/ed25519-blake2b/signer.go | 2 +- go/cm/sign/pub.go | 18 +++++++++-------- go/cm/sign/signed.go | 4 ++-- spec/cm/encrypted.cddl | 8 +++++--- spec/cm/encrypted.texi | 4 ++-- spec/cm/pub-load.cddl | 5 +++-- spec/cm/pub-sig-tbs.cddl | 6 +++--- spec/cm/pub.texi | 30 ++++++++++++---------------- spec/cm/signed.cddl | 8 +++++--- spec/cm/signed.texi | 3 +-- 17 files changed, 89 insertions(+), 91 deletions(-) diff --git a/go/cm/cmd/enctool/main.go b/go/cm/cmd/enctool/main.go index a6e6ef2..3dbf2d3 100644 --- a/go/cm/cmd/enctool/main.go +++ b/go/cm/cmd/enctool/main.go @@ -157,7 +157,7 @@ func main() { fdPubR := os.NewFile(FdPubR, "pub-in") var pubs []cm.AV - var pubIds []uuid.UUID + var pubIds [][]byte if data, err := io.ReadAll(fdPubR); err == nil { for len(data) > 0 { var signed *sign.Signed @@ -259,7 +259,7 @@ func main() { if kem.Encap == nil { log.Fatalln("missing encap") } - if len(*kem.Encap) != sntrup4591761.CiphertextSize+32 { + if len(kem.Encap) != sntrup4591761.CiphertextSize+32 { log.Fatalln("invalid encap len") } for _, prv := range prvs { @@ -280,7 +280,7 @@ func main() { log.Fatal(err) } var theirSNTRUP sntrup4591761.Ciphertext - copy(theirSNTRUP[:], *kem.Encap) + copy(theirSNTRUP[:], kem.Encap) keySNTRUP, eq := sntrup4591761.Decapsulate(&theirSNTRUP, &ourSNTRUP) if eq != 1 { log.Println("can not KEM, skipping") 
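Review bot: The `kem.Encap == nil` guard kept just above the changed length check (hunk at -259) is now redundant, because `Encap` is a plain `[]byte` and `len(kem.Encap) != sntrup4591761.CiphertextSize+32` already rejects a nil or empty slice. The same pair appears in the McEliece branch (hunk at -347), and the slicing there still carries the parentheses left over from the pointer dereference, `(kem.Encap)[:len(kem.Encap)-32]`. Dropping the nil test, or writing it as `len(kem.Encap) == 0` the way balloon/decap.go now does for `Salt`, and removing the parentheses would keep these call sites consistent. main's body starts and ends outside these hunks.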
@@ -288,7 +288,7 @@ func main() { } var theirX25519 *ecdh.PublicKey theirX25519, err = x25519.NewPublicKey( - (*kem.Encap)[sntrup4591761.CiphertextSize:], + kem.Encap[sntrup4591761.CiphertextSize:], ) if err != nil { log.Fatal(err) @@ -304,7 +304,7 @@ func main() { ourX25519.PublicKey().Bytes()..., ) ikm := bytes.Join([][]byte{ - *kem.Encap, pub, + kem.Encap, pub, keySNTRUP[:], keyX25519, }, []byte{}) var prk []byte @@ -347,7 +347,7 @@ func main() { if kem.Encap == nil { log.Fatalln("missing encap") } - if len(*kem.Encap) != mceliece6960119.CiphertextSize+32 { + if len(kem.Encap) != mceliece6960119.CiphertextSize+32 { log.Fatalln("invalid encap len") } for _, prv := range prvs { @@ -370,7 +370,7 @@ func main() { if err != nil { log.Fatal(err) } - theirMcEliece := (*kem.Encap)[:len(*kem.Encap)-32] + theirMcEliece := (kem.Encap)[:len(kem.Encap)-32] var keyMcEliece []byte keyMcEliece, err = mceliece6960119.Decapsulate(ourMcEliece, theirMcEliece) if err != nil { @@ -378,7 +378,7 @@ func main() { } var theirX25519 *ecdh.PublicKey theirX25519, err = x25519.NewPublicKey( - (*kem.Encap)[len(*kem.Encap)-32:], + (kem.Encap)[len(kem.Encap)-32:], ) if err != nil { log.Fatal(err) @@ -400,7 +400,7 @@ func main() { ourX25519.PublicKey().Bytes()..., ) ikm := bytes.Join([][]byte{ - *kem.Encap, pub, + kem.Encap, pub, keyMcEliece, keyX25519, }, []byte{}) var prk []byte @@ -479,7 +479,7 @@ func main() { rand.Read(bSalt) kem := cmenc.KEM{ A: cmballoon.BalloonBLAKE2bHKDF, - Salt: &bSalt, + Salt: bSalt, BalloonCost: &ballooncost.Cost{ S: uint64(*balloonS), T: uint64(*balloonT), @@ -543,7 +543,7 @@ func main() { } kem := cmenc.KEM{A: sntrup4591761x25519.SNTRUP4591761X25519HKDFBLAKE2b} encap := append(ciphertext[:], ourPubX25519.Bytes()...) - kem.Encap = &encap + kem.Encap = encap { ikm := bytes.Join([][]byte{ encap, pub.V, 
@@ -572,7 +572,7 @@ func main() { kem.CEK = cekp.Bytes() } if *includeTo { - kem.To = &pubIds[pubId] + kem.To = pubIds[pubId] } kems = append(kems, kem) case mceliece6960119x25519.ClassicMcEliece6960119X25519: @@ -611,7 +611,7 @@ func main() { } kem := cmenc.KEM{A: mceliece6960119x25519.ClassicMcEliece6960119X25519HKDFSHAKE256} encap := append(ciphertext[:], ourPubX25519.Bytes()...) - kem.Encap = &encap + kem.Encap = encap { ikm := bytes.Join([][]byte{ encap, pub.V, @@ -640,7 +640,7 @@ func main() { kem.CEK = cekp.Bytes() } if *includeTo { - kem.To = &pubIds[pubId] + kem.To = pubIds[pubId] } kems = append(kems, kem) default: diff --git a/go/cm/cmd/keytool/main.go b/go/cm/cmd/keytool/main.go index d6a000f..4e1ee1f 100644 --- a/go/cm/cmd/keytool/main.go +++ b/go/cm/cmd/keytool/main.go @@ -28,7 +28,6 @@ import ( "strings" "time" - "github.com/google/uuid" "go.cypherpunks.su/keks" "go.cypherpunks.su/keks/cm" mceliece6960119x25519 "go.cypherpunks.su/keks/cm/enc/mceliece6960119-x25519" @@ -214,7 +213,7 @@ func main() { if err != nil { log.Fatal(err) } - pubLoad.Id, err = uuid.NewRandomFromReader(bytes.NewReader(hasher.Sum(nil))) + pubLoad.Id = hasher.Sum(nil) if err != nil { log.Fatal(err) } diff --git a/go/cm/cmd/sigtool/basic.t b/go/cm/cmd/sigtool/basic.t index 0cab904..5423395 100755 --- a/go/cm/cmd/sigtool/basic.t +++ b/go/cm/cmd/sigtool/basic.t @@ -15,8 +15,10 @@ test_expect_success "$keyalgo: pub generation" "cmkeytool \ -algo $keyalgo -ku sig $sub \ 5>$TMPDIR/sign.$keyalgo.pub 9>$TMPDIR/sign.$keyalgo.prv" dd if=/dev/urandom of=$TMPDIR/sign.$keyalgo.data bs=300K count=1 2>/dev/null -encTo="-encrypted-to $(uuidgen)" -badEncTo="-encrypted-to $(uuidgen)" +encTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p) +badEncTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p) +encTo="-encrypted-to $encTo" +badEncTo="-encrypted-to $badEncTo" for merkle in "" "-merkle" ; do 
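Review bot: The `if err != nil { log.Fatal(err) }` block left after `pubLoad.Id = hasher.Sum(nil)` in keytool/main.go is now dead, since `Sum` returns no error and the block only re-reads the `err` already handled a few lines above. Remove it, and consider checking the digest size in its place, e.g. `if len(pubLoad.Id) != sign.FPRLen { log.Fatal("unexpected fingerprint length") }` (assuming the `sign` package is imported here). `PubParse` now rejects any id that is not exactly `FPRLen` bytes, and the hasher's output size is chosen outside this hunk, so a mismatch would otherwise only surface when the generated key is loaded. main's body continues outside the hunk.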
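Review bot: `xxd -c 0 -p` in basic.t relies on an xxd that treats `-c 0` as "no line wrapping", which as far as I know only newer builds support. Plain `-p` wraps after 30 bytes, so on an older xxd a 32-byte fingerprint could be split over two lines and the `-encrypted-to` argument would be malformed. A form that does not depend on the xxd version is `xxd -p | tr -d '\n'`, applied to both `encTo` and `badEncTo`.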
@@ -44,11 +46,11 @@ test_expect_success "$algo: detached verifying" \ "cat $TMPDIR/sign.$algo.detached.sig $TMPDIR/sign.$keyalgo.data | cmsigtool -detached -verify -type $typ 4<$TMPDIR/sign.$keyalgo.pub" test_expect_success "$algo: differing type" "! cmsigtool -detached \ - -verify -pub 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" + -verify 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" test_expect_success "$algo: good encTo" "! cmsigtool -detached \ - -verify -pub $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" + -verify $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" test_expect_success "$algo: bad encTo" "! cmsigtool -detached \ - -verify -pub $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" + -verify $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null" done diff --git a/go/cm/cmd/sigtool/main.go b/go/cm/cmd/sigtool/main.go index defdcb2..8e82e34 100644 --- a/go/cm/cmd/sigtool/main.go +++ b/go/cm/cmd/sigtool/main.go @@ -18,16 +18,14 @@ package main import ( "bufio" "bytes" + "encoding/hex" "flag" "hash" "io" "log" "os" - "slices" "time" - "github.com/google/uuid" - "go.cypherpunks.su/keks" cmhash "go.cypherpunks.su/keks/cm/hash" "go.cypherpunks.su/keks/cm/sign" @@ -55,9 +53,9 @@ func main() { flag.Usage = usage typ := flag.String("type", "data", "Set/check the load type") verify := flag.Bool("verify", false, "Do verification") - var encryptedTo []uuid.UUID - flag.Func("encrypted-to", "Set/check encrypted-to, UUID", func(v string) error { - to, err := uuid.Parse(v) + var encryptedTo [][]byte + flag.Func("encrypted-to", "Set/check encrypted-to, hex", func(v string) error { + to, err := hex.DecodeString(v) if err != nil { return err } 
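Review bot: The `-encrypted-to` handler in sigtool/main.go accepts any hex string, including an empty or truncated one, because only the `hex.DecodeString` error is checked. The CDDL in this same commit fixes `fpr` at 32 bytes, so a mistyped value would be signed into `encrypted-to` as given, and on `-verify` it would simply never match. Add a length check after decoding, e.g. `if len(to) != sign.FPRLen { return errors.New("encrypted-to: want 32-byte fingerprint") }` (this needs the `errors` import, which the visible import block does not have). The flag callback's body continues past the end of this hunk.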
@@ -156,10 +154,12 @@ func main() { log.Fatal("missing encrypted-to") } found := false - for _, to := range *sig.TBS.EncryptedTo { - if slices.Contains(encryptedTo, to) { - found = true - break + for _, their := range sig.TBS.EncryptedTo { + for _, our := range encryptedTo { + if bytes.Equal(our, their) { + found = true + break + } } } if !found { @@ -228,9 +228,7 @@ func main() { when := time.Now().UTC().Truncate(time.Millisecond) sigTbs.When = &when } - if len(encryptedTo) > 0 { - sigTbs.EncryptedTo = &encryptedTo - } + sigTbs.EncryptedTo = encryptedTo if err = signed.SignWith(pub.PubLoad(), signer, sigTbs); err != nil { log.Fatal(err) } diff --git a/go/cm/enc/balloon/decap.go b/go/cm/enc/balloon/decap.go index 5aa9c56..b37acff 100644 --- a/go/cm/enc/balloon/decap.go +++ b/go/cm/enc/balloon/decap.go @@ -42,7 +42,7 @@ func blake2bHash() hash.Hash { } func Decapsulate(kem cmenc.KEM, encSalt, passphrase []byte) (cek []byte, err error) { - if kem.Salt == nil { + if len(kem.Salt) == 0 { return nil, errors.New("missing salt") } if kem.BalloonCost == nil { @@ -54,7 +54,7 @@ func Decapsulate(kem cmenc.KEM, encSalt, passphrase []byte) (cek []byte, err err balloon.H( blake2bHash, passphrase, - *kem.Salt, + kem.Salt, int(kem.BalloonCost.S), int(kem.BalloonCost.T), int(kem.BalloonCost.P), diff --git a/go/cm/enc/enc.go b/go/cm/enc/enc.go index 2a84f5c..4ec157d 100644 --- a/go/cm/enc/enc.go +++ b/go/cm/enc/enc.go @@ -3,9 +3,8 @@ package encrypted import "github.com/google/uuid" type Encrypted struct { - DEM DEM `keks:"dem"` - KEM []KEM `keks:"kem"` - Salt uuid.UUID `keks:"salt"` - - Payload []byte `keks:"payload,omitempty"` + DEM DEM `keks:"dem"` + KEM []KEM `keks:"kem"` + Payload []byte `keks:"payload,omitempty"` + Salt uuid.UUID `keks:"salt"` } diff --git a/go/cm/enc/kem.go b/go/cm/enc/kem.go index 94a7a95..bb4a3b4 100644 --- a/go/cm/enc/kem.go +++ b/go/cm/enc/kem.go 
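Review bot: The `break` in the new nested loop only leaves the inner `for`, so after a match the outer loop keeps scanning the remaining `sig.TBS.EncryptedTo` entries. The result is still correct, but the early exit that the old `slices.Contains` version had is lost. Adding `if found { break }` after the inner loop, or using a labelled break, restores it. The enclosing verification block in main starts and ends outside the hunk.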
@@ -1,8 +1,6 @@ package encrypted import ( - "github.com/google/uuid" - balloon "go.cypherpunks.su/keks/cm/enc/balloon/cost" ) @@ -12,13 +10,13 @@ const ( ) type KEM struct { - A string `keks:"a"` - CEK []byte `keks:"cek"` - To *uuid.UUID `keks:"to,omitempty"` + A string `keks:"a"` + CEK []byte `keks:"cek"` + To []byte `keks:"to,omitempty"` // balloon-blake2b-hkdf related BalloonCost *balloon.Cost `keks:"cost,omitempty"` - Salt *[]byte `keks:"salt,omitempty"` + Salt []byte `keks:"salt,omitempty"` - Encap *[]byte `keks:"encap,omitempty"` + Encap []byte `keks:"encap,omitempty"` } diff --git a/go/cm/sign/ed25519-blake2b/signer.go b/go/cm/sign/ed25519-blake2b/signer.go index 8e992a7..9dcccda 100644 --- a/go/cm/sign/ed25519-blake2b/signer.go +++ b/go/cm/sign/ed25519-blake2b/signer.go @@ -31,8 +31,8 @@ import ( type Signer struct { Prv *ed25519.PrivateKey - mode mode.Mode prehasher *hash.Hash + mode mode.Mode } func (s *Signer) SetMode(m mode.Mode) error { diff --git a/go/cm/sign/pub.go b/go/cm/sign/pub.go index 4c76131..64703d9 100644 --- a/go/cm/sign/pub.go +++ b/go/cm/sign/pub.go @@ -35,6 +35,7 @@ const ( KUSig = "sig" // Signing-capable key usage KUKEM = "kem" // Key-encapsulation-mechanism key usage PubMagic = keks.Magic("cm/pub") + FPRLen = 32 // fingerprint's length ) var ( @@ -48,7 +49,7 @@ type PubLoad struct { Sub map[string]string `keks:"sub"` Crit *[]map[string]any `keks:"crit,omitempty"` Pub []cm.AV `keks:"pub"` - Id uuid.UUID `keks:"id"` + Id []byte `keks:"id"` } // Parse Signed contents as PubLoad (certificate) and check its @@ -105,8 +106,8 @@ func (signed *Signed) PubParse() error { if len(load.Pub) == 0 { return errors.New("PubParse: empty pub") } - if load.Id == uuid.Nil { - return errors.New("PubParse: empty id") + if len(load.Id) != FPRLen { + return errors.New("PubParse: invalid id len") } for _, pub := range load.Pub { if len(pub.A) == 0 || len(pub.V) == 0 { 
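Review bot: `len(load.Id) != FPRLen` in PubParse checks only the size of the fingerprint; nothing visible in this hunk recomputes the hash of the encoded `pub` field and compares it with `load.Id`. The commit message motivates the wider id by pinning, yet a loaded key whose `Id` is an arbitrary 32-byte value would still pass here unless that binding is verified in code not shown. If it is not, either recompute and compare the fingerprint for the algorithms this package knows, or record the gap with a comment such as `// Id is only length-checked here; callers that pin on it must recompute it from Pub.` PubParse starts and ends outside the hunk.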
@@ -250,7 +251,7 @@ func (signed *Signed) CertificationCheckSignatureFrom( return } sig := signed.Sigs[0] - if sig.TBS.SID != parent.Id { + if !bytes.Equal(sig.TBS.SID, parent.Id) { err = errors.New("sid != parent pub id") return } @@ -305,19 +306,20 @@ func (signed *Signed) CertificationVerify(pubs []*Signed, t time.Time) (err erro } } sid := signed.Sigs[0].TBS.SID - if sid == signed.PubLoad().Id { + if bytes.Equal(sid, signed.PubLoad().Id) { return signed.CertificationCheckSignatureFrom(signed.PubLoad(), nil) } - idToPub := make(map[uuid.UUID]*Signed, len(pubs)) + type FPR [FPRLen]byte + idToPub := make(map[FPR]*Signed, len(pubs)) for _, cer := range pubs { pubLoad := cer.PubLoad() if !pubLoad.Can(KUSig) || len(pubLoad.Pub) != 1 { err = errors.New("pub can not sign") return } - idToPub[pubLoad.Id] = cer + idToPub[FPR(pubLoad.Id)] = cer } - signer := idToPub[sid] + signer := idToPub[FPR(sid)] if signer == nil { err = fmt.Errorf("no pub found for sid: %v", signed.Sigs[0].TBS.SID) return diff --git a/go/cm/sign/signed.go b/go/cm/sign/signed.go index e0d8399..cd7ec50 100644 --- a/go/cm/sign/signed.go +++ b/go/cm/sign/signed.go @@ -45,8 +45,8 @@ type SigTBS struct { CID *uuid.UUID `keks:"cid,omitempty"` Exp *[]time.Time `keks:"exp,omitempty"` When *time.Time `keks:"when,omitempty"` - EncryptedTo *[]uuid.UUID `keks:"encrypted-to,omitempty"` - SID uuid.UUID `keks:"sid"` + EncryptedTo [][]byte `keks:"encrypted-to,omitempty"` + SID []byte `keks:"sid"` } type Sig struct { diff --git a/spec/cm/encrypted.cddl b/spec/cm/encrypted.cddl index 67e5a93..cdb6596 100644 --- a/spec/cm/encrypted.cddl +++ b/spec/cm/encrypted.cddl 
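Review bot: `FPR(sid)` in CertificationVerify converts a slice to a `[FPRLen]byte` array, and that conversion panics at run time when the slice is shorter than the array. `sid` comes from `signed.Sigs[0].TBS.SID`, now a free-length `[]byte` decoded from the signed object, and no length check on it is visible in this hunk, so a signature carrying a short `sid` would crash the verifier instead of returning an error; `FPR(pubLoad.Id)` has the same shape if any entry of `pubs` did not go through `PubParse`. Guard it before the map is built, e.g. `if len(sid) != FPRLen { return errors.New("invalid sid len") }`. The `%v` in the "no pub found for sid" message will now print the fingerprint as a decimal byte list, where `%x` would be easier to read. CertificationVerify continues outside the hunk.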
@@ -35,24 +35,26 @@ kem-balloon-blake2b-hkdf = { salt: bytes, } +fpr = bytes .size 32 + kem-gost3410-hkdf-kexp15 = { a: "gost3410-hkdf-kexp15", cek: bytes, ukm: bytes, pub: bytes, - ? to: uuid, ; recipient's public key id + ? to: fpr, ; recipient's public key fingerprint } kem-sntrup4591761-x25519-hkdf-blake2b = { a: "sntrup4591761-x25519-hkdf-blake2b", cek: bytes, encap: bytes, - ? to: uuid, ; recipient's public key id + ? to: fpr, ; recipient's public key fingerprint } kem-mceliece6960119-x25519-hkdf-shake256 = { a: "mceliece6960119-x25519-hkdf-shake256 ", cek: bytes, encap: bytes, - ? to: uuid, ; recipient's public key id + ? to: fpr, ; recipient's public key fingerprint } diff --git a/spec/cm/encrypted.texi b/spec/cm/encrypted.texi index b88da31..b7f4fc5 100644 --- a/spec/cm/encrypted.texi +++ b/spec/cm/encrypted.texi @@ -24,11 +24,11 @@ contains an encrypted CEK. If KEM uses public-key based cryptography, then recipient's @ref{cm-pub, public key}(s) should be provided, which may lack the -signatures at all. Optional @code{/kem/*/to}, public key's identifier, +signatures at all. Optional @code{/kem/*/to}, public key's fingerprint, may provide a hint for quickly searching for the key on the recipient's side. -@code{/salt} is used in KEMs. Either UUIDv4 or UUIDv7 are recommended. +@code{/salt} is used in KEMs. UUIDv4 is recommended. @node cm-encrypted-chacha20poly1305 @cindex cm-encrypted-chacha20poly1305 diff --git a/spec/cm/pub-load.cddl b/spec/cm/pub-load.cddl index fd3d96b..a2cc418 100644 --- a/spec/cm/pub-load.cddl +++ b/spec/cm/pub-load.cddl @@ -1,14 +1,15 @@ ai = text ; algorithm identifier av = {a: ai, v: bytes} +fpr = bytes .size 32 +ku = "sig" / "kem" / "app-name" / text cm-pub-load = { ? ku: set, - id: uuid, + id: fpr, pub: [+ av], sub: {text => text}, ; subject ? crit: {+ crit-ext-type => any}, * text => any } -ku = "sig" / "kem" / "app-name" / text crit-ext-type = text 
diff --git a/spec/cm/pub-sig-tbs.cddl b/spec/cm/pub-sig-tbs.cddl index 115db0a..31cfef0 100644 --- a/spec/cm/pub-sig-tbs.cddl +++ b/spec/cm/pub-sig-tbs.cddl @@ -1,8 +1,8 @@ +validity = [since: tai64, till: tai64] + cm-pub-sig-tbs = { - sid: uuid, ; signer's public key id cid: uuid, ; certification id exp: validity, + sid: fpr, ; signer's public key fingerprint * text => any } - -validity = [since: tai64, till: tai64] diff --git a/spec/cm/pub.texi b/spec/cm/pub.texi index 7c00ce6..20323cf 100644 --- a/spec/cm/pub.texi +++ b/spec/cm/pub.texi @@ -38,14 +38,11 @@ If your keypair is intended for general purposes like signing of arbitrary data, then single public key @strong{should} be used, with a key usage like "sig". -Each public key contain the key itself, its algorithm identifier and key -identifier, that @strong{should} be generated as an UUIDv4 based on the -hash of the key. - @item id -Public key(s)'s identifier @strong{should} be generated as an UUIDv4 -based on the hash of the encoded @code{pub} field. +Public key(s)'s fingerprint @strong{should} be generated as 256-bit hash +hash of the encoded @code{pub} field. If not stated otherwise for +specific algorithm. @item ku Intended public key(s) usage. @@ -66,7 +63,7 @@ It @strong{must} be absent if empty. Values are extension specific. @table @code @item sid -Signing public key identifier. +Signing public key's fingerprint. @item cid Certification unique identifier. UUIDv7 is a good choice. But it may be @@ -85,7 +82,7 @@ Example minimal certified public key may look like: "load": { "t": "pub", "v": { - "id": UUID(hash(pub)), + "id": hash(pub), "pub": [{"a": "gost3410-256A", "v"}], "sub": {"n": "test"}, }, @@ -93,7 +90,7 @@ Example minimal certified public key may look like: "sigs": [{ "tbs": { "cid": UUID(certification id), - "sid": UUID(signer's pkid), + "sid": signer's pkid, "exp": [TAI64, TAI64], }, "sign": {"a": "gost3410-256A", "v": 'signature'}, 
@@ -113,7 +110,7 @@ in @code{BE(X)||BE(Y)} format. Algorithm identifiers for the public key: @code{gost3410-256A}, @code{gost3410-512C}. -Public key's identifier should be calculated using big-endian +Public key's fingerprint should be calculated using big-endian Streebog-256 hash. @node cm-pub-ed25519-blake2b @@ -124,10 +121,10 @@ Streebog-256 hash. Same calculation and serialisation rules must be used as with @code{@ref{cm-signed-ed25519-blake2b}}. -Public key's identifier should be calculated using BLAKE2b hash with 128 -or 256 bit output length specified. +Public key's fingerprint should be calculated using BLAKE2b hash with +256 bit output length specified. -Algorithm identifier for the public key: @code{ed25519ph-blake2b}. +Algorithm identifier for the public key: @code{ed25519-blake2b}. @node cm-pub-sntrup4591761-x25519 @cindex cm-pub-sntrup4591761-x25519 @@ -141,8 +138,8 @@ Its algorithm identifier is @code{sntrup4591761-x25519}. Its public key value is a concatenation of 1218-byte SNTRUP4591761 public key and 32-byte X25519 one. -Public key's identifier should be calculated using BLAKE2b hash with 128 -or 256 bit output length specified. +Public key's fingerprint should be calculated using BLAKE2b hash with +256 bit output length specified. @node cm-pub-mceliece6960119-x25519 @cindex cm-pub-mceliece6960119-x25519 @@ -156,5 +153,4 @@ Its algorithm identifier is @code{mceliece6960119-x25519}. Its public key value is a concatenation of 1047319-byte @code{mceliece6960119} public key and 32-byte X25519 one. -Public key's identifier should be calculated using either SHAKE128 or -SHAKE256 hash. +Public key's fingerprint should be calculated using SHAKE128. diff --git a/spec/cm/signed.cddl b/spec/cm/signed.cddl index c1b472d..f515e01 100644 --- a/spec/cm/signed.cddl +++ b/spec/cm/signed.cddl @@ -9,6 +9,8 @@ cm-signed = { ? pubs: [+ cm-pub], } +url = text + sig = { tbs: sig-tbs, sign: {a: ai, v: bytes}, 
@@ -16,11 +18,11 @@ sig = { * text => any } -url = text +fpr = bytes .size 32 sig-tbs = { - sid: uuid, ; signer's public key id - ? encrypted-to: [+ uuid], ; recipient's public key ids + sid: fpr, ; signer's public key fingerprint + ? encrypted-to: [+ fpr], ; recipient's public key fingerprints ? when: tai64 / tai64n, * text => any } diff --git a/spec/cm/signed.texi b/spec/cm/signed.texi index b0634e3..3d7f494 100644 --- a/spec/cm/signed.texi +++ b/spec/cm/signed.texi @@ -45,7 +45,7 @@ help creating the whole verification chain. They are placed outside If signed data is also intended to be @ref{cm-encrypted, encrypted}, then @code{/sigs/*/tbs/encrypted-to} should be set to corresponding -recipient's public key id(s). +recipient's public key fingerprint(s). @node cm-signed-gost3410 @cindex cm-signed-gost3410 @@ -69,7 +69,6 @@ recipient's public key id(s). Algorithm identifiers for the signature: @code{gost3410-256A-merkle}, @code{gost3410-512C-merkle}. - @node cm-signed-ed25519-blake2b @cindex cm-signed-ed25519-blake2b @cindex cm-signed-ed25519ph-blake2b -- 2.48.1