PublicKey Info Base » History » Version 2
Yingdi Yu, 07/07/2014 07:23 PM
Public key Info Base (PIB) Service
==================================

## Public Key Info Management

NDN data packets are secured through digital signatures.
In order to generate a valid signature, an NDN application needs to know not only the correct key to use but also the correct public key information that should be put into the `KeyLocator` of a data packet.
This information needs to be managed locally on the system where the application is running.

The information related to keys is managed at three granularities: identities, keys, and certificates.
A key is always associated with a namespace, called an "identity".
An identity, however, may have more than one key bound to it.
Among these keys, only one is the default key of the identity.
If only an identity is provided when signing a packet, the default key of the identity will be used to sign the packet.

A certificate is always associated with the key it certifies.
If a certificate is provided when signing a packet, the corresponding private key should be used to sign the packet,
and the name of the certificate may be put into the `KeyLocator` of the packet.

A key may have more than one certificate (e.g., certificates may be issued by different parties).
Among these certificates, only one is the default certificate of the key.
The default certificate of the default key of an identity is the default certificate of the identity.
If only an identity is provided when signing a packet, the name of the default certificate of the identity may be put into the `KeyLocator` of the packet.
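The identity/key/certificate model and the default-resolution rules above can be made concrete with a small in-memory model. The following is an added illustration written for this page, not the PIB service's own code or the ndn-cxx API; the class and method names (`Pib`, `signing_info`, `build_sample_pib`) and the key and certificate names are constructed for the example.

```python
"""Toy model of the PIB data model: identity -> keys -> certificates, one default at each
level, plus the rule that maps what a signer provides (identity, key, or certificate) to
the key that signs and the name that goes into the KeyLocator.
Added illustration; not the PIB service's or ndn-cxx's API. All names are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Key:
    name: str                                              # e.g. "/alice/KEY/ksk-1"
    certs: Dict[str, None] = field(default_factory=dict)   # cert names, insertion-ordered
    default_cert: Optional[str] = None


@dataclass
class Identity:
    name: str                                              # namespace, e.g. "/alice"
    keys: Dict[str, Key] = field(default_factory=dict)
    default_key: Optional[str] = None


class Pib:
    """In-memory public key info base with identities, keys, certificates and defaults."""

    def __init__(self) -> None:
        self.identities: Dict[str, Identity] = {}
        self.key_index: Dict[str, str] = {}    # key name  -> identity name
        self.cert_index: Dict[str, str] = {}   # cert name -> key name

    def add_identity(self, identity: str) -> None:
        self.identities.setdefault(identity, Identity(identity))

    def add_key(self, identity: str, key_name: str) -> None:
        # A key is always bound to exactly one identity (namespace).
        self.add_identity(identity)
        ident = self.identities[identity]
        ident.keys.setdefault(key_name, Key(key_name))
        self.key_index[key_name] = identity
        if ident.default_key is None:          # first key becomes the default
            ident.default_key = key_name

    def add_certificate(self, key_name: str, cert_name: str) -> None:
        # A certificate is always bound to the key it certifies.
        key = self._key(key_name)
        key.certs[cert_name] = None
        self.cert_index[cert_name] = key_name
        if key.default_cert is None:           # first certificate becomes the default
            key.default_cert = cert_name

    def set_default_key(self, identity: str, key_name: str) -> None:
        if self.key_index.get(key_name) != identity:
            raise KeyError(f"{key_name} is not a key of {identity}")
        self.identities[identity].default_key = key_name

    def set_default_certificate(self, key_name: str, cert_name: str) -> None:
        if self.cert_index.get(cert_name) != key_name:
            raise KeyError(f"{cert_name} is not a certificate of {key_name}")
        self._key(key_name).default_cert = cert_name

    def _key(self, key_name: str) -> Key:
        identity = self.key_index[key_name]    # KeyError for an unknown key
        return self.identities[identity].keys[key_name]

    def signing_info(self, identity: Optional[str] = None, key: Optional[str] = None,
                     cert: Optional[str] = None) -> Tuple[str, Optional[str]]:
        """Resolve the caller's input to (key that signs, name for the KeyLocator).

        A certificate pins its key and is itself the KeyLocator name; a key alone
        uses its default certificate; an identity alone uses its default key and
        that key's default certificate.  A key with no certificate yet yields None
        for the KeyLocator name, since there is no certificate name to put there.
        """
        if cert is not None:
            return self.cert_index[cert], cert
        if key is None:
            if identity is None:
                raise ValueError("need an identity, a key, or a certificate")
            ident = self.identities[identity]
            if ident.default_key is None:
                raise LookupError(f"{identity} has no default key")
            key = ident.default_key
        return key, self._key(key).default_cert


def build_sample_pib() -> Pib:
    """Constructed sample: one identity, two keys, two certificates on the first key."""
    pib = Pib()
    pib.add_key("/alice", "/alice/KEY/ksk-1")
    pib.add_key("/alice", "/alice/KEY/ksk-2")
    pib.add_certificate("/alice/KEY/ksk-1", "/alice/KEY/ksk-1/ID-CERT/1")
    pib.add_certificate("/alice/KEY/ksk-1", "/alice/KEY/ksk-1/ID-CERT/2")
    return pib
```

Changing a default at one level changes the answer for every signer that relies on the level above it: switching the identity's default key to a key that has no certificate yet leaves the signer with a key but nothing to name in the `KeyLocator`, which is why the service needs to hold defaults at all three granularities rather than only per identity.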

All of this information may be accessed by different APIs and applications on the same system; it is therefore desirable to provide it as a system service.

Generating a correct signature does not only require access to the private key,

A valid signature may also

Public key information may be accessed by different APIs and applications on the same system.
The information may include: the name of the public key, the identity represent