From 0b7a7d46ab04b2fec9ac40d2146beefeac18e020 Mon Sep 17 00:00:00 2001 From: Dave Mihalcik <38867245+dmihalcik-virtru@users.noreply.github.com> Date: Tue, 16 Mar 2021 09:41:53 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20PLAT-897=20Allow=20separate=20si?= =?UTF-8?q?gning=20and=20wrapper=20keys=20(#24)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add a second 'signerPublicKey' field to an EO - This is an ephemeral public key a client may use to sign rewrap and other requests associated with the EO. - This is required as some algorithms and key types are more suited for encryption and others for signatures. Notably, we must support this for the smaller keys and restricted set of algorithms that NanoTDF will likely impose - Implementation(s): - Client [nanotdf for javascript](https://github.com/virtru/eternia/pull/78) - Client [c++](https://github.com/virtru/tdf3-cpp/pull/193) - Service [OpenStack EAS and KAS (python)](https://github.com/virtru/etheria/pull/295) --- CHANGELOG.md | 9 +++++++++ schema/EntityObject.md | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8110afe..53e91bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,15 @@ ## Added * _patch_: ([#17](https://github.com/virtru/tdf3-spec/pull/17)) Add KAS swagger + * _patch_: ([#24](https://github.com/virtru/tdf3-spec/pull/24)), PLAT-897: `EntityObject.signerPublicKey` + - Add a second 'signerPublicKey' field to an EO + - This is an ephemeral public key a client may use to sign rewrap and other requests associated with the EO. + - This is required as some algorithms and key types are more suited for encryption and others for signatures. Notably, we must support this for the smaller keys and restricted set of algorithms that NanoTDF will likely impose + - Implementations: + - Client [nanotdf for javascript](https://github.com/virtru/eternia/pull/78) + - Client [c++](https://github.com/virtru/tdf3-cpp/pull/193) + - Service [OpenStack EAS and KAS (python)](https://github.com/virtru/etheria/pull/295) + ## Changes * 1.3.4 (2019-08-05) * _patch_: ([#20](https://github.com/virtru/tdf3-spec/pull/20)) diff --git a/schema/EntityObject.md b/schema/EntityObject.md index 1a5cb75..270a517 100755 --- a/schema/EntityObject.md +++ b/schema/EntityObject.md 
@@ -40,10 +40,11 @@ When an entity wishes to decrypt a file, the following steps using the Entity Ob |`attributes`|Array|An array of signed [Attribute Object](AttributeObject.md)s. At most one of these may be a _default_ AttributeObject.|Yes| |`attributes.jwt`|String|An [Attribute Object](AttributeObject.md) that has been signed with the EAS private key as a [JWT](https://jwt.io/).|Yes| |`publicKey`|String|The entity's public key, in a PEM-encoded format.|Yes| +|`signerPublicKey`|String|A second public key used for signing KAS requests, in a PEM-encoded format. When using TDF3 with elliptic curve cryptography, the public key may use ECDH and the signing key ECDSA.|Optional, depends on choice of algorithm| |`cert`|String|The [Entity Object](EntityObject.md) contents (without `cert`) that has been signed with the EAS private key, as a [JWT](https://jwt.io/). The KAS uses this field to validate the authenticity of the Entity Object. |Yes| |`schemaVersion`|String|Version number of the Entity Object schema.|No| ## Version -The current schema version is `1.1.0`. +The current schema version is `1.1.1`.
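Review bot: In the CHANGELOG hunk, the new `_patch_` entry for #24 should record the EntityObject schema version it introduces (the second hunk bumps `schemaVersion` from `1.1.0` to `1.1.1`), since the existing `## Changes` entries are keyed by version and date and this entry is otherwise not correlatable to a schema version. Two smaller points: the stray comma in `([#24](https://github.com/virtru/tdf3-spec/pull/24)), PLAT-897:` does not match the `#17` entry directly above it, and "that NanoTDF will likely impose" is speculation that reads oddly in a release log; "that NanoTDF imposes" or a reference to the NanoTDF spec would be firmer.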
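Review bot: The new `signerPublicKey` row in the EntityObject table leaves two things unstated that a KAS implementer needs. First, the row says the field is "Optional, depends on choice of algorithm" but not what the KAS verifies signatures against when it is absent; say explicitly whether it falls back to `publicKey`. Second, because `cert` is described as the EAS-signed JWT of the EO contents (without `cert`), `signerPublicKey` is covered by that signature, but the text should say so, since that binding is what stops a caller from presenting an arbitrary signing key alongside an EAS-issued EO. On style, the last column of this table is otherwise Yes/No; consider `No` there and moving "depends on choice of algorithm" into the description. Also, "the public key may use ECDH and the signing key ECDSA" would read more precisely as "the `publicKey` may be an ECDH key and `signerPublicKey` an ECDSA key".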