PublicKey Info Base » History » Version 2
Yingdi Yu, 07/07/2014 07:23 PM
Public key Info Base (PIB) Service
==================================

## Public Key Info Management

NDN data packets are secured through digital signatures. In order to generate a valid signature, an NDN application needs to know not only the correct key to use but also the correct public key information that should be put into the `KeyLocator` of a data packet. This information needs to be managed locally on the system where the application is running.

The information related to keys is managed at three granularities: identities, keys, and certificates. A key is always associated with a namespace, called an "identity". An identity, however, may have more than one key bound to it. Among these keys, only one is the default key of the identity. If only an identity is provided when signing a packet, the default key of that identity is used to sign the packet.

A certificate is always associated with the key it contains. If a certificate is provided when signing a packet, the corresponding private key should be used to sign the packet, and the name of the certificate may be put into the `KeyLocator` of the packet.

A key may have more than one certificate (e.g., certificates may be issued by different parties). Among these certificates, only one is the default certificate of the key. The default certificate of the default key of an identity is the default certificate of the identity. If only an identity is provided when signing a packet, the name of the default certificate of the identity may be put into the `KeyLocator` of the packet.

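The following is an added example, not code from this wiki page or from ndn-cxx: a toy model of the identity / key / certificate hierarchy above, showing how the default key and default certificate are resolved and which name ends up in the `KeyLocator` depending on whether the caller supplies an identity, a key, or a certificate. The `Pib` class and its methods are a hypothetical API, and all names (`/ndn/alice`, the `KEY/...` and certificate names) are constructed; no real keys or signatures are involved. The two invariants the text states, that a key belongs to exactly one identity and a certificate to exactly one key, are enforced when a default is changed.

```python
"""Toy model of the PIB identity / key / certificate hierarchy (added example,
hypothetical API, constructed names; not ndn-cxx code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Key:
    name: str                                   # constructed, e.g. "/ndn/alice/KEY/1"
    certs: List[str] = field(default_factory=list)
    default_cert: Optional[str] = None          # exactly one cert is the default


@dataclass
class Identity:
    name: str                                   # the namespace the keys belong to
    keys: Dict[str, Key] = field(default_factory=dict)
    default_key: Optional[str] = None           # exactly one key is the default


class Pib:
    """Local store of public key information (hypothetical API)."""

    def __init__(self) -> None:
        self.identities: Dict[str, Identity] = {}
        self.key_owner: Dict[str, str] = {}     # key name -> identity name
        self.cert_owner: Dict[str, str] = {}    # cert name -> key name

    def add_key(self, identity: str, key_name: str) -> None:
        ident = self.identities.setdefault(identity, Identity(identity))
        ident.keys[key_name] = Key(key_name)
        self.key_owner[key_name] = identity     # a key belongs to exactly one identity
        if ident.default_key is None:           # first key becomes the default
            ident.default_key = key_name

    def add_cert(self, key_name: str, cert_name: str) -> None:
        key = self.identities[self.key_owner[key_name]].keys[key_name]
        key.certs.append(cert_name)
        self.cert_owner[cert_name] = key_name   # a cert is bound to exactly one key
        if key.default_cert is None:            # first cert becomes the default
            key.default_cert = cert_name

    def set_default_key(self, identity: str, key_name: str) -> None:
        if self.key_owner.get(key_name) != identity:
            raise ValueError(f"{key_name} does not belong to {identity}")
        self.identities[identity].default_key = key_name

    def set_default_cert(self, key_name: str, cert_name: str) -> None:
        if self.cert_owner.get(cert_name) != key_name:
            raise ValueError(f"{cert_name} does not certify {key_name}")
        self.identities[self.key_owner[key_name]].keys[key_name].default_cert = cert_name

    def resolve_signing_info(self, identity: Optional[str] = None,
                             key: Optional[str] = None,
                             cert: Optional[str] = None) -> Tuple[str, Optional[str]]:
        """Return (name of the key to sign with, name to put in KeyLocator).

        The most specific input wins: certificate, then key, then identity.
        """
        if cert is not None:
            return self.cert_owner[cert], cert
        if key is not None:
            owner = self.identities[self.key_owner[key]]
            return key, owner.keys[key].default_cert
        if identity is not None:
            ident = self.identities[identity]
            if ident.default_key is None:
                raise LookupError(f"{identity} has no key")
            k = ident.keys[ident.default_key]
            # the default cert of the default key is the identity's default cert
            return k.name, k.default_cert
        raise ValueError("need an identity, a key, or a certificate")


def build_sample_pib() -> Pib:
    """Constructed sample: one identity, two keys, three certificates."""
    pib = Pib()
    pib.add_key("/ndn/alice", "/ndn/alice/KEY/1")
    pib.add_key("/ndn/alice", "/ndn/alice/KEY/2")
    pib.add_cert("/ndn/alice/KEY/1", "/ndn/alice/KEY/1/self/v1")
    pib.add_cert("/ndn/alice/KEY/2", "/ndn/alice/KEY/2/issuerA/v1")
    pib.add_cert("/ndn/alice/KEY/2", "/ndn/alice/KEY/2/issuerB/v1")
    return pib


if __name__ == "__main__":
    pib = build_sample_pib()
    print(pib.resolve_signing_info(identity="/ndn/alice"))
    pib.set_default_key("/ndn/alice", "/ndn/alice/KEY/2")
    pib.set_default_cert("/ndn/alice/KEY/2", "/ndn/alice/KEY/2/issuerB/v1")
    print(pib.resolve_signing_info(identity="/ndn/alice"))
    print(pib.resolve_signing_info(cert="/ndn/alice/KEY/1/self/v1"))
```

Changing the identity's default key changes the answer for an identity-only signing request in one step, without touching any certificate, because the identity's default certificate is derived from the default key rather than stored separately.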
All of this information may be accessed by different APIs and applications on the same system; it is therefore desirable to provide it as a system service.

Generating a correct signature does not only require access to the private key,

A valid signature may also

Public key information may be accessed by different APIs and applications on the same system. The information may include: the name of the public key, the identity represent