
Security via factual keywords.

description

Use the "principal" keyword in the key of a fact to declare that it participates in asymmetric encryption. The fact's key includes a public key. The "principal" keyword must be combined with the "unique" keyword.

Use the "from" keyword in the key of a fact to mark the predecessor that signed the fact. The predecessor must be a "principal". The key includes the digital signature. The client library verifies the signature using the predecessor's public key, and will not acknowledge the fact if it cannot be verified. The "from" keyword may only appear once in a fact, and may not be used on an optional or multiple predecessor.

Use the "to" keyword in the key of a fact to mark the predecessor for which a fact is encrypted. The predecessor must be a "principal". The payload of the fact is encrypted using the predecessor's public key. The client library performs the encryption. It also performs the decryption provided a private key is given. The private key is not stored or shared. The "to" keyword may only appear once in a fact, and may not be used on an optional or multiple predecessor.

Use the "lock" keyword in the key of a fact to declare that it participates in symmetric encryption. The fact's payload is encrypted using a symmetric key.

Use the "unlock" keyword in the key of a fact to mark the predecessor for which this fact has the symmetric key. The fact's key includes a field called "Unlock" that carries the symmetric key. The "unlock" keyword must appear with either the "to" or "lock" keywords, so that the symmetric key is encrypted. It must also appear with the "unique" keyword. The "unlock" keyword may only appear once in a fact and may not be used on an optional or multiple predecessor.

Use the "in" keyword in the key of a fact to mark the predecessor that shares a symmetric key. The fact's payload is encrypted using that same symmetric key. The predecessor must use either the "lock" or "in" keyword.

Use the "strength" keyword in the header of a factual file to declare the cryptographic strength of the facts within. The strength "us_1_0" refers to the lower bounds of NSA Suite B cryptography algorithms. The strength "us_1_1" refers to their upper bounds.
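
The combination rules above can be checked mechanically before any cryptography runs. The following is an added example, not part of the original suggestion or of the client library: the `Pred`/`Fact` model, the `check` function and the sample fact names are hypothetical. It assumes "unlock must appear with to or lock" means the same fact either has a "to" predecessor or is itself declared "lock".

```python
from collections import namedtuple

# Hypothetical model of a fact definition; not the Factual syntax itself.
# keyword: "", "from", "to", "unlock" or "in"; cardinality: "one", "optional" or "multiple"
Pred = namedtuple("Pred", "name type keyword cardinality", defaults=("", "one"))
# modifiers: subset of {"principal", "unique", "lock"}
Fact = namedtuple("Fact", "name modifiers preds", defaults=(frozenset(), ()))

def check(facts):
    """Return violations of the keyword rules in the description above."""
    by_name = {f.name: f for f in facts}
    errors = []
    for f in facts:
        kws = [p.keyword for p in f.preds]
        if "principal" in f.modifiers and "unique" not in f.modifiers:
            errors.append(f"{f.name}: principal requires unique")
        for kw in ("from", "to", "unlock"):
            if kws.count(kw) > 1:
                errors.append(f"{f.name}: {kw} may only appear once")
        for p in f.preds:
            target = by_name.get(p.type, Fact(p.type))
            if p.keyword in ("from", "to", "unlock") and p.cardinality != "one":
                errors.append(f"{f.name}.{p.name}: {p.keyword} on {p.cardinality} predecessor")
            if p.keyword in ("from", "to") and "principal" not in target.modifiers:
                errors.append(f"{f.name}.{p.name}: {p.keyword} needs a principal")
            if p.keyword == "in" and "lock" not in target.modifiers \
                    and "in" not in [q.keyword for q in target.preds]:
                errors.append(f"{f.name}.{p.name}: in needs a lock or in predecessor")
        if "unlock" in kws:
            if "to" not in kws and "lock" not in f.modifiers:
                errors.append(f"{f.name}: unlock requires to or lock")
            if "unique" not in f.modifiers:
                errors.append(f"{f.name}: unlock requires unique")
    return errors

# Constructed sample models (fact and field names are made up for illustration).
GOOD = [
    Fact("Individual", {"principal", "unique"}),
    Fact("Conversation", {"lock"}),
    Fact("Invitation", {"unique"}, [Pred("recipient", "Individual", "to"),
                                    Pred("conversation", "Conversation", "unlock")]),
    Fact("Message", set(), [Pred("sender", "Individual", "from"),
                            Pred("conversation", "Conversation", "in")]),
]
BAD = [
    Fact("Individual", {"principal"}),
    Fact("Note", set(), [Pred("author", "Individual", "from", "optional")]),
    Fact("Grant", set(), [Pred("note", "Note", "unlock")]),
]
```

`check(GOOD)` returns an empty list; `check(BAD)` reports the missing "unique", the "from" on an optional predecessor, and the "unlock" whose symmetric key would travel unencrypted.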
