SafeBag Format for Exported Credentials

Credentials (e.g., a certificate and its private key) sometimes need to be exported from one machine and imported into another. This requires a secure container for the sensitive information. We define SafeBag as that container: it holds both an NDN certificate (version 2.0) and the corresponding private key, which is encrypted in PKCS #8 format.

The format of SafeBag is defined as:

SafeBag = SAFE-BAG-TYPE TLV-LENGTH
            CertificateV2
            EncryptedKeyBag

EncryptedKeyBag = ENCRYPTED-KEY-BAG-TYPE TLV-LENGTH
                    *OCTET ; private key encrypted in PKCS #8 format

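All TLV-TYPE numbers are application-specific:

| TLV-TYPE        | Assigned number (decimal) | Assigned number (hexadecimal) |
|-----------------|---------------------------|-------------------------------|
| SafeBag         | 128                       | 0x80                          |
| EncryptedKeyBag | 129                       | 0x81                          |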
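A strict parser for the layout above, given as an added example (not code from the NDN project). It assumes the standard NDN variable-length TLV number encoding and that the certificate is an NDN Data packet with TLV-TYPE 6; the function names and sample bytes are constructed for illustration. It only splits the container and does not decrypt the key or validate the certificate.

```python
# TLV-TYPEs from the table; DATA (6) is assumed: a CertificateV2 is an NDN Data packet.
SAFE_BAG, ENCRYPTED_KEY_BAG, DATA = 128, 129, 6

def read_var_number(buf, pos):
    """Decode one NDN variable-length number; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV header")
    first = buf[pos]
    if first < 253:
        return first, pos + 1
    size = {253: 2, 254: 4, 255: 8}[first]
    if pos + 1 + size > len(buf):
        raise ValueError("truncated TLV header")
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "big"), pos + 1 + size

def read_tlv(buf, pos):
    """Return (type, value_start, value_end), bounds-checked against buf."""
    tlv_type, pos = read_var_number(buf, pos)
    length, pos = read_var_number(buf, pos)
    if length > len(buf) - pos:
        raise ValueError("TLV-LENGTH exceeds available bytes")
    return tlv_type, pos, pos + length

def parse_safe_bag(wire):
    """Split a SafeBag into (certificate_wire, encrypted_key_bytes)."""
    t, start, end = read_tlv(wire, 0)
    if t != SAFE_BAG or end != len(wire):
        raise ValueError("not a single SafeBag element")
    body = wire[start:end]
    t, _, cert_end = read_tlv(body, 0)
    if t != DATA:
        raise ValueError("first element is not a certificate (Data)")
    t, key_start, key_end = read_tlv(body, cert_end)
    if t != ENCRYPTED_KEY_BAG or key_end != len(body):
        raise ValueError("expected exactly one EncryptedKeyBag after the certificate")
    return body[:cert_end], body[key_start:key_end]

def encode_tlv(tlv_type, value):
    """Encoder for the constructed sample below (lengths under 65536 only)."""
    n = len(value)
    length = bytes([n]) if n < 253 else b"\xfd" + n.to_bytes(2, "big")
    return bytes([tlv_type]) + length + value

# Constructed sample: placeholder bytes stand in for a real certificate and key.
SAMPLE_CERT = encode_tlv(DATA, b"\x00" * 300)
SAMPLE_KEY = b"\x30" + b"\x11" * 40
SAMPLE_BAG = encode_tlv(SAFE_BAG, SAMPLE_CERT + encode_tlv(ENCRYPTED_KEY_BAG, SAMPLE_KEY))
```

Rejecting trailing bytes, reordered elements and over-long lengths before the key reaches the PKCS #8 decryption step keeps malformed imports from being partially processed.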