KEYTEXT(6)

NAME
keytext - textual form of Inferno public/private keys
DESCRIPTION
Keyring-certtostr(2) defines a set of functions that convert between
textual forms of the elements of the Inferno public-key authentication
system and their internal data types. The textual form is used for key
storage and as the transport format for the authentication protocol
auth(6). In storage and transport each encoded value is encapsulated
by the record-oriented encoding defined in keyring-getmsg(2). The format
represents public and private keys, and signers' certificates. In
this context a certificate is a time-limited cryptographically signed
hash of some other value (usually a public key) and contains neither
that value nor the signer's key, which is assumed to be available
elsewhere.
All values are represented by a sequence of newline-separated text
fields. The type of any given value is determined by its context.
Each type of value has a common prefix that includes an algorithm
identifier, followed by a sequence of algorithm-dependent fields:

    authinfo         ::= signer-public-key certificate !private-key big-alpha big-p
    certificate      ::= sigalg hashalg signer-name exp-time *-sig
    sigalg           ::= rsa | dsa | elgamal
    hashalg          ::= sha1 | md5
    *-key            ::= sigalg owner-name ...
    rsa-public-key   ::= rsa owner-name big-n big-ek
    rsa-private-key  ::= rsa owner-name big-n big-ek !big-dk !big-p !big-q !big-kp !big-kq !big-c2
    dsa-public-key   ::= dsa owner-name big-p big-q big-alpha big-key
    dsa-private-key  ::= dsa owner-name big-p big-q big-alpha big-key !big-secret
    rsa-sig          ::= big-val
    dsa-sig          ::= big-r big-s
    elgamal-sig      ::= big-r big-s
Each value labelled as `big-' is an unsigned multiple-precision integer
from keyring-ipint(2), represented as a sequence of bytes in big-endian
order, as produced by IPint->iptobytes, with an extra leading zero byte
added if the top bit of the first byte is set, and then encoded in
base-64 (as by encoding(2)). Each value labelled `-name' is utf(6) text
not containing a newline; it is interpreted by an application and need
not be a name. The expiry time exp-time is represented in decimal as
seconds from the Epoch (1 January 1970 00:00 GMT); if it is zero, no
expiry time is set. A label prefixed by `!' marks a value that should
be considered secret.
The hash of a key is computed over its textual encoding according to
the syntax above. A certificate's signature value is produced by
digitally signing, using sigalg, the hash (using hashalg) of the
concatenation of the value to be authenticated, the signer-name in
utf(6), a single space, and the exp-time in decimal (with no leading
zeroes). When checking a signature, comparisons are done with values in
internal multiple-precision form (i.e., as IPints), not in base-64
form; since the leading zero byte does not change the integer value,
two textually different encodings of the same number compare equal.
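The following Python program is an added example; it is not part of this manual page and not Inferno's own Keyring code. It encodes and decodes `big-' fields, writes and parses an rsa-public-key record and a certificate in the syntax above, and produces and checks the certificate hash over value, signer-name, space and exp-time. It assumes that encoding(2)'s base-64 is the standard alphabet, that the value to be authenticated is exactly the newline-terminated fields of the key text, and that the rsa-sig is a textbook (unpadded) RSA exponentiation of the hash; the signer key is a constructed toy built from two well-known Mersenne primes and is not secure.

```python
import base64
import hashlib
import time

HASHES = {"sha1": hashlib.sha1, "md5": hashlib.md5}   # hashalg ::= sha1 | md5


def big_to_text(n):
    """Encode an unsigned integer as a `big-' field: big-endian bytes, an
    extra 0x00 when the top bit of the first byte is set, then base-64.
    Assumes encoding(2) Base64 is the standard alphabet (an assumption)."""
    if n < 0:
        raise ValueError("big- fields are unsigned")
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw            # the compatibility zero noted under BUGS
    return base64.b64encode(raw).decode("ascii")


def text_to_big(s):
    """Decode a `big-' field. With or without the leading zero the integer is
    the same, which is why signature checks compare integers, not base-64."""
    return int.from_bytes(base64.b64decode(s), "big")


def rsa_public_key_text(owner, n, ek):
    """rsa-public-key ::= rsa owner-name big-n big-ek, one field per line."""
    return "rsa\n%s\n%s\n%s\n" % (owner, big_to_text(n), big_to_text(ek))


def parse_rsa_public_key(text):
    f = text.split("\n")
    if len(f) < 4 or f[0] != "rsa":
        raise ValueError("not an rsa public key")
    return {"owner": f[1], "n": text_to_big(f[2]), "ek": text_to_big(f[3])}


def cert_digest(value_text, signer_name, exp_time, hashalg):
    """hashalg(value || signer-name || ' ' || exp-time in decimal), as an integer."""
    data = (value_text + signer_name + " " + str(exp_time)).encode("utf-8")
    return int.from_bytes(HASHES[hashalg](data).digest(), "big")


def rsa_certificate_text(value_text, signer_name, exp_time, hashalg, n, dk):
    """certificate ::= rsa hashalg signer-name exp-time rsa-sig; the rsa-sig
    is textbook RSA over the digest (unpadded; an assumption of this example)."""
    h = cert_digest(value_text, signer_name, exp_time, hashalg)
    if h >= n:
        raise ValueError("modulus too small for the digest")
    return "rsa\n%s\n%s\n%d\n%s\n" % (hashalg, signer_name, exp_time,
                                       big_to_text(pow(h, dk, n)))


def parse_certificate(text):
    f = text.split("\n")
    cert = {"sigalg": f[0], "hashalg": f[1], "signer": f[2], "exp": int(f[3])}
    if cert["sigalg"] == "rsa":                  # rsa-sig ::= big-val
        cert["sig"] = (text_to_big(f[4]),)
    elif cert["sigalg"] in ("dsa", "elgamal"):   # *-sig ::= big-r big-s
        cert["sig"] = (text_to_big(f[4]), text_to_big(f[5]))
    else:
        raise ValueError("unknown sigalg " + cert["sigalg"])
    if cert["hashalg"] not in HASHES:
        raise ValueError("unknown hashalg " + cert["hashalg"])
    return cert


def verify_rsa_certificate(cert_text, value_text, signer_pk, now=None):
    """Check an rsa certificate against the value it authenticates and the
    signer's public key, which the caller obtained elsewhere by signer-name."""
    cert = parse_certificate(cert_text)
    if cert["sigalg"] != "rsa":
        return False
    now = int(time.time()) if now is None else now
    if cert["exp"] != 0 and now >= cert["exp"]:  # zero means no expiry time
        return False
    expected = cert_digest(value_text, cert["signer"], cert["exp"], cert["hashalg"])
    recovered = pow(cert["sig"][0], signer_pk["ek"], signer_pk["n"])
    return recovered == expected                  # IPint comparison, not base-64


# Constructed toy signer key: the Mersenne primes 2^127-1 and 2^89-1 give a
# 216-bit modulus that exceeds a 160-bit digest. Publicly known, so NOT secure.
P, Q = 2 ** 127 - 1, 2 ** 89 - 1
N, EK = P * Q, 65537
DK = pow(EK, -1, (P - 1) * (Q - 1))
SIGNER_PK = {"owner": "signer", "n": N, "ek": EK}


def demo(now=0):
    """Certify a constructed subject public key for one hour and verify it."""
    subject = rsa_public_key_text("alice", 3233, 17)       # toy subject key
    cert = rsa_certificate_text(subject, "signer", now + 3600, "sha1", N, DK)
    return cert, verify_rsa_certificate(cert, subject, SIGNER_PK, now)
```

The verifier recomputes the digest from the subject's key text and the certificate's own signer-name and exp-time, so a certificate cannot be moved to another key or given a later expiry without invalidating the signature; the comparison is on the recovered integer, so the presence or absence of the compatibility leading zero in either field is irrelevant.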
SEE ALSO
keyring-certtostr(2), keyring-getmsg(2), factotum(4), keys(6),
getauthinfo(8)

BUGS
The byte-array encoding of IPint should not require the leading zero;
it does so for compatibility with old keys.