Export/Import CredentialsΒΆ

Sometimes, one may need to export credentials (e.g., certificate and private key) from one machine, and import them into another machine. This requires a secured container for sensitive information. We define SafeBag, which contains both an NDN certificate (version 2.0) and the corresponding private key which is encrypted in PKCS#8 format.

The format of SafeBag is defined as:

SafeBag = SAFE-BAG-TYPE TLV-LENGTH
            CertificateV2   ; a data packet following certificate format spec
            EncryptedKeyBag

EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
                    *OCTET ; private key encrypted in PKCS#8 format

All TLV-TYPE codes are application specific:

TLV-TYPE Assigned number (decimal) Assigned number (hexadecimal)
SafeBag 128 0x80
EncryptedKeyBag 129 0x81