Project

General

Profile

Actions

PublicKey Info Base » History » Revision 2

« Previous | Revision 2/79 (diff) | Next »
Yingdi Yu, 07/07/2014 07:23 PM


Public key Info Base (PIB) Service

Public Key Info Management

NDN data packets are secured through digital signatures.
In order to generate a valid signature, an NDN application needs to know not only the correct key to use but also the correct public key information that should be put into the KeyLocator of a data packet.
The information needs to be managed locally on the system where the application is running.

The information related to keys is managed at three granularities: identities, keys, and certificates.
A key is always associated with a namespace, called "identity".
An identity however may have more than one keys bound.
Among these keys, only one is the default key of the identity.
If only identity is provided when signing a packet, the default key of the identity will be used to sign the packet.

A certificate is always associated with the key in the certificate
If a certificate is provided when signing a packet, the corresponding private key should be used to sign the packet
and the name of the certificate name may be put into the KeyLocator of the packet.

A key may have more than one certificates (e.g., certificates may be issued by different parties).
Among these certificates, only one is the default certificate of the key.
The default certificate of the default key of an identity is the default certificate of the identity.
If only identity is provided when signing a packet, the name of the default certificate of the identity may be put into the KeyLocator of the packet.

All the information may be accessed by different APIs and applications on the same system, therefore it is desirable to make the information provisioning as a system service.

Generating a correct signature does not only requires the access to the private key,

A valid signature may also
Public key information may be accessed by different APIs and applications on the same system.
The information may include: the name of the public key, the identity represent

Updated by Yingdi Yu over 10 years ago · 79 revisions