PublicKey Info Base » History » Revision 2
Revision 1 (Yingdi Yu, 07/07/2014 02:41 PM) → Revision 2/79 (Yingdi Yu, 07/07/2014 07:23 PM)
Public key Info Base (PIB) Service ================================== ## Public Key Info Management NDN data packets are secured through digital signatures. In order to generate Besides signing a valid signature, data packet with a private key, an NDN application needs may need to know not only the correct key to use but also the correct public key information that should be put into the `KeyLocator` of a data packet. The information needs to be managed locally on the system where the application is running. The information related to keys is managed at three granularities: identities, keys, and certificates. A key is always associated with a namespace, called "identity". An identity however may have more than one keys bound. Among these keys, only one is the default key of the identity. If only identity is provided when signing a packet, the default key of the identity will be used to sign the packet. A certificate is always associated with the key in the certificate If a certificate is provided when signing a packet, the corresponding private public key should be used to sign the packet and the name of the certificate name may be put into the `KeyLocator` of the data packet. A key may have more than one certificates (e.g., certificates may be issued by different parties). Among these certificates, only one is the default certificate of the key. The default certificate of the default key of an identity is the default certificate of the identity. If only identity is provided when signing a packet, the name of the default certificate of the identity may be put into the `KeyLocator` of the packet. All the information may be accessed by different APIs and applications on the same system, therefore it is desirable to make the information provisioning as a system service. Generating a correct signature does not only requires the access to the private key, A valid signature may also Public key information may be accessed by different APIs and applications on the same system. The information may include: the name of the public key, the identity represent