Home
Draft
In the Open Registry, all Things have identities. We have adopted a Uniform Resource Name (URN) format for encoding and storing these identities, ranging from cryptographic public keys to BLE & NFC device IDs. The URN format is easily readable and allows for the support of a wide variety of identities. It complies with current standards for representing products, books, electronics, and standardized algorithms and protocols. This extensibility is essential for building a universal and open platform for the Internet of Things.
Each identity is split by colons (:) into multiple sections, with each subsequent section denoting more specific information about the identity. The last section denotes the actual identity of the Thing.
<Category>[:<Subcategory>[:<sub-Subcategory> … ]]:<ID>
All categories are case-insensitive, whereas the ID is case-sensitive to allow for BASE64 encoding support.
| Identity | URN |
| --- | --- |
| Public Key | pbk |
| Elliptic Curve Public Key | pbk:ec |
| RSA Public Key | pbk:rsa |
| Elliptic curve using verified random parameters | pbk:ec:secp256r1 |
| Full ECC URN | pbk:ec:secp256r1:0260fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6 |
The following identity-related protocols are supported by the URN syntax:
- Elliptic Curve public key, secp256r1 key
- RSA public key, 2048 bit key
- BLE identifier
- NFC identifier
- Serial number
Additional protocols will be added. If you are working on a project and need us to extend our support, please get in touch with us via our forum.
Elliptic curve cryptographic public keys are compressed. A compressed ECC public key uses only the x coordinate and the polarity or sign (+/-) of the y coordinate to recover the uncompressed public key. Additionally, if we are only interested in reading the public key from a device and verifying a cryptographic signature, we can store only the x coordinate in the Open Registry, asserting that this public key coordinate matches the one received from interacting with the device. If the Open Registry contains the same x coordinate as is returned by the device, then we need not worry about the polarity of the ECC public key coordinate - the Thing is authentic.
We have decided to store the polarity as well in order to verify the signature without reading the public key directly from the device. This complies with how compressed ECC public keys are viewed today and will allow better compatibility in the future.
Polarity in the public key modulus is represented as even or odd. The polarity byte is prepended to the x coordinate that will be stored in the Open Registry:
even --> 0x02
odd --> 0x03
This is the same convention used in Bitcoin's public key compression. A full byte is used here since padding will always be applied to the identity; in BASE64, it will be the same length as if it were only a bit.
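As an added example (not part of the Open Registry code), the Python below parses the URN layout described above and checks that a pbk:ec:secp256r1 ID is a well-formed compressed key by recovering y from x and the 0x02/0x03 byte. It assumes the ID is hex-encoded as in the samples on this page; the function names are hypothetical.

```python
# Added example: parser/validator for the URN layout described on this page.
# Function names are hypothetical; the ID is assumed to be hex-encoded.

P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # secp256r1 (NIST P-256) field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B  # curve b (a = -3)


def parse_urn(urn):
    """Split <Category>[:<Subcategory>...]:<ID>; categories lowercased, ID untouched."""
    parts = urn.split(":")
    if len(parts) < 2 or any(part == "" for part in parts):
        raise ValueError("URN needs at least one category and a non-empty ID")
    return [c.lower() for c in parts[:-1]], parts[-1]


def decompress_p256(hex_id):
    """Recover (x, y) from a compressed key: 0x02/0x03 polarity byte + 32-byte x."""
    raw = bytes.fromhex(hex_id)  # raises ValueError on non-hex input
    if len(raw) != 33 or raw[0] not in (0x02, 0x03):
        raise ValueError("expected 33 bytes starting with 0x02 (even) or 0x03 (odd)")
    x = int.from_bytes(raw[1:], "big")
    if x >= P:
        raise ValueError("x coordinate out of range")
    rhs = (pow(x, 3, P) - 3 * x + B) % P   # y^2 = x^3 - 3x + b (mod p)
    y = pow(rhs, (P + 1) // 4, P)          # square root, valid because P % 4 == 3
    if y * y % P != rhs:
        raise ValueError("x is not the coordinate of a point on secp256r1")
    if y % 2 != raw[0] - 2:                # choose the root matching the polarity byte
        y = P - y
    return x, y


def validate_identity(urn):
    """Return (categories, id); EC keys must also decode to a valid curve point."""
    cats, ident = parse_urn(urn)
    if cats == ["pbk", "ec", "secp256r1"]:
        decompress_p256(ident)
    return cats, ident
```

A registry that stores only well-formed points can reject truncated or mistyped keys at registration time instead of at signature verification.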
The format of an RSA public key in URN format is as follows:
pbk:rsa:<key size in bits>:<public key of defined size><exponent used>
A sample RSA public key in URN format with a 2048-bit key and exponent 0x010001 is the following:
pbk:rsa:2048:cb47e6aada931986bb6bbf02c8618437c072cefa4e19c1ee6cb189b95a49e3ce94fb4de129c30ab7e683f827c98eb05e844af24f809ed5f217e93c14d58f64b98fc9136d3c2b56a672853a8f52c7ac7acd201b09d0f578f32f377f954905e18fa360448901d0ac538cd1102dc0821cd13a843e370471c00e95daf4bba001186c5b2220e15f2f4777aa9b0a823186c34d82fd557e245b4d5816f48bdc09dd34806982609b63012dd13fe603f23730940e68463b1b68f24ee77907925d286d55ec22bad53119f8354388e051854ef436589538f1efbf104af477dc3ca2cf29974fcf432639b8716c38c717d44c8f0c90d59f02f2ab0aef8b59c2feb460e2cbfb57010001
Elliptic Curve Public Key
pbk:ec:secp256r1:0260fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6
BLE
ble:1.0:0A153C993D9C
NFC
nfc:1.0:04062782DF4980
Serial number
sn:C02EK02HG8DL
RSA public key
pbk:rsa:2048: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
IDs that are in hex/binary form should be converted to Base64 to save space.