diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-09-20 13:43:32 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-09-20 13:43:32 -0400 |
commit | bfdc69a1e9922c571a4818b1d2240eb3334ee541 (patch) | |
tree | 70d28566f1efb1e3f845216a0a55f2687c8d92c8 /cert-spec.txt | |
parent | 6b14f76ec14cebe4f2516249617a4caa54874d00 (diff) | |
download | torspec-bfdc69a1e9922c571a4818b1d2240eb3334ee541.tar.gz torspec-bfdc69a1e9922c571a4818b1d2240eb3334ee541.zip |
Document RSA->Ed crosscert format
Diffstat (limited to 'cert-spec.txt')
-rw-r--r-- | cert-spec.txt | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/cert-spec.txt b/cert-spec.txt index 340ed42..05f17f4 100644 --- a/cert-spec.txt +++ b/cert-spec.txt @@ -24,7 +24,7 @@ 2. Document formats -2.1. Certificates +2.1. Ed25519 Certificates When generating a signing key, we also generate a certificate for it. Unlike the certificates for authorities' signing keys, these @@ -90,6 +90,27 @@ When this extension is present, it MUST match the key used to sign the certificate. +2.3. RSA->Ed25519 cross-certificate + + Certificate type [07] (Cross-certification of Ed25519 identity + with RSA key) contains the following data: + + ED25519_KEY [32 bytes] + EXPIRATION_DATE [4 bytes] + SIGLEN [1 byte] + SIGNATURE [SIGLEN bytes] + + Here, the Ed25519 identity key is signed with router's RSA + identity key, to indicate that authenticating with a key + certified by the Ed25519 key counts as certifying with RSA + identity key. (The signature is computed on the SHA256 hash of + the non-signature parts of the certificate, prefixed with the + string "Tor TLS RSA/Ed25519 cross-certificate".) + + This certificate type is used to mean, "This Ed25519 identity key + acts with the authority of the RSA key that signed this + certificate." + A.1. List of certificate types The values marked with asterisks are not types corresponding to @@ -111,8 +132,8 @@ A.1. List of certificate types [06] - Ed25519 authentication key signed with ed25519 signing key (see prop220 section 4.2) - [07] - RSA identity cross-certification - (see prop220 section 4.2) + **[07] - Reserved for RSA identity cross-certification; + (see section 2.3 above, and tor-spec.txt section 4.2) [08] - Onion service: short-term descriptor signing key, signed with blinded public key. |