This repository was archived by the owner on May 2, 2022. It is now read-only.

Commit 0b7a7d4

📝 PLAT-897 Allow separate signing and wrapper keys (#24)
- Add a second 'signerPublicKey' field to an EO
- This is an ephemeral public key a client may use to sign rewrap and other requests associated with the EO.
- This is required as some algorithms and key types are more suited for encryption and others for signatures. Notably, we must support this for the smaller keys and restricted set of algorithms that NanoTDF will likely impose.
- Implementation(s):
  - Client [nanotdf for javascript](virtru/eternia#78)
  - Client [c++](virtru/tdf3-cpp#193)
  - Service [OpenStack EAS and KAS (python)](virtru-corp/etheria#295)
1 parent 68c5698 commit 0b7a7d4

File tree

2 files changed

+11
-1
lines changed

CHANGELOG.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,15 @@
55
## Added
66
* _patch_: ([#17](https://github.com/virtru/tdf3-spec/pull/17))
77
Add KAS swagger
8+
* _patch_: ([#24](https://github.com/virtru/tdf3-spec/pull/24)), PLAT-897: `EntityObject.signerPublicKey`
9+
- Add a second 'signerPublicKey' field to an EO
10+
- This is an ephemeral public key a client may use to sign rewrap and other requests associated with the EO.
11+
- This is required as some algorithms and key types are more suited for encryption and others for signatures. Notably, we must support this for the smaller keys and restricted set of algorithms that NanoTDF will likely impose
12+
- Implementations:
13+
- Client [nanotdf for javascript](https://github.com/virtru/eternia/pull/78)
14+
- Client [c++](https://github.com/virtru/tdf3-cpp/pull/193)
15+
- Service [OpenStack EAS and KAS (python)](https://github.com/virtru/etheria/pull/295)
16+
817
## Changes
918
* 1.3.4 (2019-08-05)
1019
* _patch_: ([#20](https://github.com/virtru/tdf3-spec/pull/20))
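Review bot: The implementation link on the `Service [OpenStack EAS and KAS (python)]` line points at `https://github.com/virtru/etheria/pull/295`, while the commit message references `virtru-corp/etheria#295`; confirm which organization owns that repository and make the two agree. The entry also describes a change to the `EntityObject` schema without mentioning that the schema version moves from `1.1.0` to `1.1.1`; adding that to the entry lets consumers keying off `schemaVersion` see from the changelog alone when `signerPublicKey` became available.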

schema/EntityObject.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,10 +40,11 @@ When an entity wishes to decrypt a file, the following steps using the Entity Ob
4040
|`attributes`|Array|An array of signed [Attribute Object](AttributeObject.md)s. At most one of these may be a _default_ AttributeObject.|Yes|
4141
|`attributes.jwt`|String|An [Attribute Object](AttributeObject.md) that has been signed with the EAS private key as a [JWT](https://jwt.io/).|Yes|
4242
|`publicKey`|String|The entity's public key, in a PEM-encoded format.|Yes|
43+
|`signerPublicKey`|String|A second public key used for signing KAS requests, in a PEM-encoded format. When using TDF3 with elliptic curve cryptography, the public key may use ECDH and the signing key ECDSA.|Optional, depends on choice of algorithm|
4344
|`cert`|String|The [Entity Object](EntityObject.md) contents (without `cert`) that has been signed with the EAS private key, as a [JWT](https://jwt.io/). The KAS uses this field to validate the authenticity of the Entity Object. |Yes|
4445
|`schemaVersion`|String|Version number of the Entity Object schema.|No|
4546

4647

4748
## Version
4849

49-
The current schema version is `1.1.0`.
50+
The current schema version is `1.1.1`.
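Review bot: The new `signerPublicKey` row does not say whether the field is covered by `cert`; since `cert` is documented two rows down as the Entity Object contents (without `cert`) signed with the EAS private key, state explicitly that `signerPublicKey` is part of the signed contents, otherwise a reader could conclude that whoever holds a valid EO may substitute their own signing key and have KAS accept signatures from it. The Required column's `Optional, depends on choice of algorithm` should also be made concrete: say which algorithm choices require it (the row gives the EC case, with `publicKey` used for ECDH and `signerPublicKey` for ECDSA) and what KAS does when it is absent, for example verify request signatures against `publicKey`. Finally, the CHANGELOG entry calls this key ephemeral, but the row says nothing about its lifetime; if it is expected to be rotated per session, say so here, since KAS behaviour on a rotated key depends on it.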
