Protocol serialization (CBOR)
The following chapter gives a brief outline of how neuropil uses the COSE / CWT standards to serialize tokens and messages.
The documentation of the COSE / CWT usage is work in progress. Documentation and implementation will change as we progress with the standardization of the neuropil protocol.
CWT (CBOR web token)
The np_token structure is inspired by the JWT, which in turn inspired the CWT. Therefore it only makes sense to re-use the CWT serialization format and tags when storing an np_token on disk (data-at-rest). When storing/serializing an np_token, the neuropil library never adds the secret key of the ed25519 keypair. The secret key can only be stored in an additional file (see below).
A np_token is serialized in the following format:
This serialization format is then AEAD encrypted with a passphrase and a nonce to protect the plain-text information contained in the attribute set (to prevent collusion). An encrypted np_token on disk currently has the following format:
A neuropil identity contains the secret key of the ed25519 keypair, and it may contain a fingerprint if it has to be used in conjunction with an np_token.
The secret key is stored AEAD encrypted with a passphrase and a nonce on disk in the following format:
A keystore is the composition of several fingerprints of np_token. A keystore can be created for message intent tokens or digital identities. The current implementation only allows for a single directory, but that could change in the future.
The keystore serializes each np_token into a separate file, where the filename is composed with the fingerprint of the corresponding np_token. The actual keystore then only stores an array of fingerprints.
The array of fingerprints is AEAD encrypted with a passphrase and a nonce, because otherwise an attacker could simply add entries to the file (or directory) to add malicious np_token.
The current implementation of the keystore has the following format:
to be developed :-)
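The example below is added here to illustrate the two mechanisms described above, the CWT-style CBOR serialization of a token (without its secret key) and the keystore that persists only a sealed array of fingerprints; it is not neuropil's own code and the page does not show the library's actual byte layout. Everything in it is an assumption of the example: the mapping of token fields onto the RFC 8392 claim keys, SHA-256 as the fingerprint hash, PBKDF2 as the passphrase KDF, the file naming, and in particular the encrypt-then-MAC envelope, which is only a stand-in for the AEAD the library uses (the page does not name the primitive) and is not a cipher to reuse. The sample token values are constructed.

```python
"""Added example (not neuropil's own code): CWT-style CBOR encoding of a token,
a passphrase+nonce AEAD-style envelope for data at rest, and a keystore that
persists only a sealed array of token fingerprints."""
import hashlib
import hmac
import os
import struct

# CWT claim keys from RFC 8392; mapping np_token fields onto them is an assumption
CWT_ISS, CWT_SUB, CWT_AUD, CWT_EXP, CWT_NBF, CWT_IAT, CWT_CTI = 1, 2, 3, 4, 5, 6, 7
SALT = b"np-demo-salt"  # constructed; a real store would persist a random salt

def _head(major, n):
    """CBOR initial byte plus argument for unsigned n (RFC 8949 section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, fmt in ((24, ">B"), (25, ">H"), (26, ">I"), (27, ">Q")):
        if n < 1 << (8 * struct.calcsize(fmt)):
            return bytes([(major << 5) | ai]) + struct.pack(fmt, n)
    raise OverflowError(n)

def cbor_encode(v):
    """Deterministic CBOR for the subset a token needs: ints, bytes, text, arrays, maps."""
    if isinstance(v, int) and not isinstance(v, bool):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, (list, tuple)):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        # RFC 8949 4.2.1: sort keys bytewise on their encoding, so equal tokens
        # always produce identical bytes and therefore identical fingerprints
        pairs = sorted((cbor_encode(k), cbor_encode(x)) for k, x in v.items())
        return _head(5, len(pairs)) + b"".join(k + x for k, x in pairs)
    raise TypeError("unsupported type %r" % type(v))

def _keys(passphrase):
    """Passphrase -> (cipher key, MAC key); PBKDF2 is a stdlib stand-in for the library's KDF."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase, SALT, 100_000, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key, nonce, data):
    """Toy SHA-256 counter-mode stream; stands in for a real AEAD cipher, illustration only."""
    blocks = (hashlib.sha256(key + nonce + struct.pack(">Q", i)).digest() for i in range(0, len(data), 32))
    return bytes(d ^ k for d, k in zip(data, b"".join(blocks)))

def seal(passphrase, nonce, aad, plaintext):
    """Encrypt-then-MAC envelope: nonce || ciphertext || tag (stand-in for the library's AEAD)."""
    ek, mk = _keys(passphrase)
    ct = _xor_stream(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, aad + nonce + ct, hashlib.sha256).digest()

def open_envelope(passphrase, aad, blob, nonce_len=24):
    """Verify the tag before touching the ciphertext; any appended or altered byte yields None."""
    ek, mk = _keys(passphrase)
    nonce, ct, tag = blob[:nonce_len], blob[nonce_len:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, aad + nonce + ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(ek, nonce, ct)

def token_to_cwt(tok):
    """Serialize token fields as a CWT claims map; the secret key is never part of it."""
    assert "secret_key" not in tok, "the secret key must not be serialized with the token"
    return cbor_encode({CWT_ISS: tok["issuer"], CWT_SUB: tok["subject"], CWT_AUD: tok["audience"],
                        CWT_EXP: tok["expires_at"], CWT_NBF: tok["not_before"],
                        CWT_IAT: tok["issued_at"], CWT_CTI: tok["uuid"]})

def fingerprint(cwt_bytes):
    """SHA-256 over the canonical CBOR (the hash used for real fingerprints is not stated on the page)."""
    return hashlib.sha256(cwt_bytes).digest()

SAMPLE_TOKEN = {  # constructed sample values, not a real token
    "issuer": "urn:np:demo:issuer", "subject": "urn:np:demo:subject", "audience": "urn:np:demo:audience",
    "expires_at": 1_800_000_000, "not_before": 1_700_000_000, "issued_at": 1_700_000_000, "uuid": b"\x00" * 16,
}

def store_token(directory, passphrase, tok):
    """Write one sealed file per token, named by its fingerprint; returns the fingerprint."""
    cwt = token_to_cwt(tok)
    fp = fingerprint(cwt)
    directory[fp.hex() + ".cwt"] = seal(passphrase, os.urandom(24), b"np_token", cwt)
    return fp

def save_keystore(passphrase, fingerprints):
    """Only the fingerprint array is persisted, sealed so extra entries cannot be added unnoticed."""
    return seal(passphrase, os.urandom(24), b"np_keystore", cbor_encode(fingerprints))

def tamper_is_detected(passphrase):
    """Build a one-token keystore, append a forged fingerprint, and check the forged copy is rejected."""
    directory = {}  # in-memory stand-in for the keystore directory
    fps = [store_token(directory, passphrase, SAMPLE_TOKEN)]
    blob = save_keystore(passphrase, fps)
    forged = blob + cbor_encode([hashlib.sha256(b"malicious").digest()])
    genuine_ok = open_envelope(passphrase, b"np_keystore", blob) == cbor_encode(fps)
    return genuine_ok and open_envelope(passphrase, b"np_keystore", forged) is None
```

Two details carry the page's security point: the map keys are sorted per RFC 8949 so that the same token always hashes to the same fingerprint, and the associated-data label (`np_token` versus `np_keystore`) plus the tag check in `open_envelope` means a fingerprint appended to the keystore file, or a token file swapped in under a different label, is rejected before any of it is parsed.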