Diffstat (limited to 'spec/cert-spec.md')
-rw-r--r-- | spec/cert-spec.md | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/spec/cert-spec.md b/spec/cert-spec.md index 36c9c0b..79ee9b0 100644 --- a/spec/cert-spec.md +++ b/spec/cert-spec.md @@ -18,6 +18,7 @@ Table of Contents ``` <a id="cert-spec.txt-1"></a> + # Scope and Preliminaries This document describes a certificate format that Tor uses for @@ -32,6 +33,7 @@ proposal 220, and were first supported by Tor in Tor version 0.2.7.2-alpha. <a id="cert-spec.txt-1.1"></a> + ## Signing All signatures here, unless otherwise specified, are computed @@ -42,15 +44,18 @@ signed document is prefixed with a personalization string, which will be different in each case. <a id="cert-spec.txt-1.2"></a> + ## Integer encoding Network byte order (big-endian) is used to encode all integer values in Ed25519 certificates unless explicitly specified otherwise. <a id="cert-spec.txt-2"></a> + # Document formats <a id="cert-spec.txt-2.1"></a> + ## Ed25519 Certificates When generating a signing key, we also generate a certificate for it. @@ -107,9 +112,11 @@ the certificate up until "SIGNATURE" (that is, signing sizeof(ed25519_cert) - 64 bytes). <a id="cert-spec.txt-2.2"></a> + ## Basic extensions <a id="cert-spec.txt-2.2.1"></a> + ### Signed-with-ed25519-key extension [type 04] In several places, it's desirable to bundle the key signing a @@ -126,6 +133,7 @@ When this extension is present, it MUST match the key used to sign the certificate. <a id="cert-spec.txt-2.3"></a> + ## RSA->Ed25519 cross-certificate Certificate type [07] (Cross-certification of Ed25519 identity @@ -153,6 +161,7 @@ acts with the authority of the RSA key that signed this certificate." <a id="cert-spec.txt-A.1"></a> + ## List of certificate types (CERT_TYPE field) The values marked with asterisks are not types corresponding to 
@@ -194,11 +203,13 @@ certificate type enumeration of in our Ed25519 certificates. ``` <a id="cert-spec.txt-A.2"></a> + ## List of extension types [04] - signed-with-ed25519-key (section 2.2.1) <a id="cert-spec.txt-A.3"></a> + ## List of signature prefixes We describe various documents as being signed with a prefix. Here @@ -207,6 +218,7 @@ are those prefixes: "Tor router descriptor signature v1" (see dir-spec.txt) <a id="cert-spec.txt-A.4"></a> + ## List of certified key types (CERT_KEY_TYPE field) ```text @@ -220,4 +232,3 @@ are those prefixes: "01" for all types of certified key. Implementations SHOULD allow "01" in this position, and infer the actual key type from the CERT_TYPE field.) - |
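Review bot: the twelve inserted blank lines (hunks `@@ -18,6 +18,7 @@` through `@@ -207,6 +218,7 @@`) are the same hand-applied fix after each `<a id="cert-spec.txt-…"></a>` anchor, and nothing visible here stops the next anchor-plus-heading pair from being added without one. Consider enforcing the spacing with a Markdown lint rule in the spec build (markdownlint's MD022, blank lines around headings, covers this) rather than relying on manual edits. Separately, the anchor ids and the context line `(see dir-spec.txt)` in `@@ -207,6 +218,7 @@` still use `.txt` names although the file is `spec/cert-spec.md`; keeping the ids stable for existing links is reasonable, but the prose cross-reference could be updated in a follow-up.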
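Review bot: in the last hunk (`@@ -220,4 +232,3 @@`) the only change is the removal of the trailing blank line after `from the CERT_TYPE field.)`, which is a different cleanup from the heading-spacing inserts in every other hunk. Please confirm the file still ends with exactly one newline after that line, and mention the end-of-file trim in the commit message so the single deletion in the diffstat is accounted for.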