Task #3048: Create ndn-tlv based private key wrapper
Status: closed (100% done)
Description
Tpm provides private key import and export functionality. When exporting a private key, we need to encrypt it and store it in a container. Our earlier implementation follows PKCS #5 and PKCS #8 and encodes the information in DER. As part of the certificate refactoring (essentially removing the dependency on DER encoding), we also want to encode the private key wrapper in ndn-tlv. The new encoding is as follows (note that the high-level abstraction stays the same as in PKCS #5 and #8; only the encoding differs):
PrivateKeyWrapper ::= PRIVATE-KEY-WRAPPER-TYPE TLV-LENGTH
                        EncryptSalt
                        EncryptIteration
                        EncryptParams
                        EncryptedKey

EncryptSalt ::= ENCRYPT-SALT-TYPE TLV-LENGTH
                  BYTE+

EncryptIteration ::= ENCRYPT-ITERATION-TYPE TLV-LENGTH
                       NonNegativeInteger

EncryptedKey ::= ENCRYPTED-KEY-TYPE TLV-LENGTH
                   BYTE+

EncryptParams ::= ENCRYPT-PARAMS-TYPE TLV-LENGTH
                    EncryptAlgorithm
                    EncryptInitialVector?

EncryptAlgorithm ::= ENCRYPT-ALGORITHM-TYPE TLV-LENGTH
                       NonNegativeInteger

EncryptInitialVector ::= ENCRYPT-INITIAL-VECTOR-TYPE TLV-LENGTH
                           BYTE+
This involves the implementation of two classes: PrivateKeyWrapper and EncryptParams.
The reason for this separation is that EncryptParams may be used for other encryption cases.
All TLV types are application-specific:

enum {
  // Encryption parameters
  Params = 128,
  Algorithm = 129,
  InitialVector = 130,
  // Password wrapper
  Salt = 131,
  Iteration = 132,
  // Payload
  PayLoad = 133,
  // Private key wrapper
  PrivateKeyWrapper = 134,
  EncryptedKey = 135
};
The EncryptAlgorithm values are defined as:

enum AlgorithmValue {
  // Block cipher
  BlockCipherAesCbc = 0,
  BlockCipherDesEde3Cbc = 1,
};
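The following is an added example written for this page, not ndn-cxx code: a small encoder and strict decoder for the PrivateKeyWrapper structure above, using the TLV type numbers and AlgorithmValue constants from the task. It assumes the standard NDN-TLV rules for TLV-TYPE/TLV-LENGTH (a single byte below 253, otherwise a 0xFD/0xFE/0xFF marker followed by a 2/4/8-byte big-endian value) and for NonNegativeInteger (big-endian in 1, 2, 4 or 8 bytes). The salt, IV and ciphertext are constructed placeholders; no PBKDF or AES is performed, the point is the wire format and the checks a decoder should make (element order, non-empty BYTE+ fields, no length running past the buffer) before any key material is touched.

```python
# Added example for the PrivateKeyWrapper TLV layout; not ndn-cxx code.
# TLV type numbers and AlgorithmValue constants come from the task text.
import struct
from typing import Optional

# TLV types from the task description
PARAMS, ALGORITHM, INITIAL_VECTOR = 128, 129, 130
SALT, ITERATION = 131, 132
PRIVATE_KEY_WRAPPER, ENCRYPTED_KEY = 134, 135

# AlgorithmValue from the task description
BLOCK_CIPHER_AES_CBC = 0
BLOCK_CIPHER_DES_EDE3_CBC = 1


def encode_var_number(n: int) -> bytes:
    """NDN-TLV variable-length number, used for both TLV-TYPE and TLV-LENGTH."""
    if n < 253:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack(">H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack(">I", n)
    return b"\xff" + struct.pack(">Q", n)


def decode_var_number(buf: bytes, pos: int):
    """Return (value, next_pos); raise ValueError on truncated input."""
    if pos >= len(buf):
        raise ValueError("truncated TLV header")
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    width, fmt = {253: (2, ">H"), 254: (4, ">I"), 255: (8, ">Q")}[first]
    if pos + 1 + width > len(buf):
        raise ValueError("truncated TLV number")
    return struct.unpack(fmt, buf[pos + 1:pos + 1 + width])[0], pos + 1 + width


def tlv(type_: int, value: bytes) -> bytes:
    return encode_var_number(type_) + encode_var_number(len(value)) + value


def encode_nni(n: int) -> bytes:
    """NonNegativeInteger: big-endian, shortest of 1/2/4/8 bytes."""
    if n < 0:
        raise ValueError("NonNegativeInteger must be >= 0")
    for limit, fmt in ((0xFF, ">B"), (0xFFFF, ">H"), (0xFFFFFFFF, ">I")):
        if n <= limit:
            return struct.pack(fmt, n)
    return struct.pack(">Q", n)


def decode_nni(value: bytes) -> int:
    if len(value) not in (1, 2, 4, 8):
        raise ValueError("bad NonNegativeInteger length %d" % len(value))
    return int.from_bytes(value, "big")


def encode_encrypt_params(algorithm: int, iv: Optional[bytes] = None) -> bytes:
    body = tlv(ALGORITHM, encode_nni(algorithm))
    if iv is not None:  # EncryptInitialVector is optional in the grammar
        body += tlv(INITIAL_VECTOR, iv)
    return tlv(PARAMS, body)


def encode_private_key_wrapper(salt: bytes, iteration: int, algorithm: int,
                               iv: Optional[bytes], encrypted_key: bytes) -> bytes:
    body = (tlv(SALT, salt) + tlv(ITERATION, encode_nni(iteration))
            + encode_encrypt_params(algorithm, iv) + tlv(ENCRYPTED_KEY, encrypted_key))
    return tlv(PRIVATE_KEY_WRAPPER, body)


def parse_elements(buf: bytes):
    """Split buf into an ordered list of (type, value), refusing over-long lengths."""
    pos, out = 0, []
    while pos < len(buf):
        t, pos = decode_var_number(buf, pos)
        length, pos = decode_var_number(buf, pos)
        if pos + length > len(buf):
            raise ValueError("TLV length exceeds buffer")
        out.append((t, buf[pos:pos + length]))
        pos += length
    return out


def decode_private_key_wrapper(buf: bytes) -> dict:
    """Strict decoder: enforces the element order and presence given by the grammar."""
    outer = parse_elements(buf)
    if len(outer) != 1 or outer[0][0] != PRIVATE_KEY_WRAPPER:
        raise ValueError("expected exactly one PrivateKeyWrapper")
    elems = parse_elements(outer[0][1])
    if [t for t, _ in elems] != [SALT, ITERATION, PARAMS, ENCRYPTED_KEY]:
        raise ValueError("unexpected PrivateKeyWrapper contents")
    salt, iteration, params, enc_key = (v for _, v in elems)
    if not salt or not enc_key:
        raise ValueError("BYTE+ field must not be empty")
    p = parse_elements(params)
    if [t for t, _ in p] not in ([ALGORITHM], [ALGORITHM, INITIAL_VECTOR]):
        raise ValueError("unexpected EncryptParams contents")
    return {"salt": salt, "iteration": decode_nni(iteration),
            "algorithm": decode_nni(p[0][1]),
            "iv": p[1][1] if len(p) == 2 else None, "encrypted_key": enc_key}


# Constructed placeholder inputs (not real key material)
SAMPLE = encode_private_key_wrapper(b"\x01" * 8, 10000, BLOCK_CIPHER_AES_CBC,
                                    b"\x02" * 16, b"\x03" * 32)
```

`decode_private_key_wrapper` deliberately rejects anything the grammar does not allow (extra, missing or reordered elements, an empty salt or ciphertext, a length that overruns the buffer), so a malformed container fails before a password-derived key is ever computed from it.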