| version 1.5, 2018/09/12 01:21:34 |
version 1.6, 2023/07/17 03:57:21 |
|
|
| #define KRL_SECTION_FINGERPRINT_SHA1 3 |
#define KRL_SECTION_FINGERPRINT_SHA1 3 |
| #define KRL_SECTION_SIGNATURE 4 |
#define KRL_SECTION_SIGNATURE 4 |
| #define KRL_SECTION_FINGERPRINT_SHA256 5 |
#define KRL_SECTION_FINGERPRINT_SHA256 5 |
| |
#define KRL_SECTION_EXTENSION 255 |
| |
|
| 2. Certificate section |
2. Certificate section |
| |
|
|
|
| #define KRL_SECTION_CERT_SERIAL_RANGE 0x21 |
#define KRL_SECTION_CERT_SERIAL_RANGE 0x21 |
| #define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 |
#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22 |
| #define KRL_SECTION_CERT_KEY_ID 0x23 |
#define KRL_SECTION_CERT_KEY_ID 0x23 |
| |
#define KRL_SECTION_CERT_EXTENSION 0x39 |
| |
|
| 2.1 Certificate serial list section |
2.1 Certificate serial list section |
| |
|
|
|
| This section must contain at least one "key_id". This section may appear |
This section must contain at least one "key_id". This section may appear |
| multiple times. |
multiple times. |
| |
|
| |
2.5. Certificate Extension subsections |
| |
|
| |
This subsection type provides a generic extension mechanism to the |
| |
certificates KRL section that may be used to provide optional or critical |
| |
data. |
| |
|
| |
Extensions are stored in subsections of type |
| |
KRL_SECTION_CERT_EXTENSION with the following contents: |
| |
|
| |
string extension_name |
| |
boolean is_critical |
| |
string extension_contents. |
| |
|
| |
Where "extension_name" describes the type of extension. It is |
| |
recommended that user extensions follow "cert-name@domain.org" naming. |
| |
|
| |
The "is_critical" indicates whether this extension is mandatory or |
| |
optional. If true, then any unsupported extension encountered should |
| |
result in KRL parsing failure. If false, then it may be safely be |
| |
ignored. |
| |
|
| |
The "extension_contents" contains the body of the extension. |
| |
|
| 3. Explicit key sections |
3. Explicit key sections |
| |
|
| These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys |
These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys |
|
|
| |
|
| This section may appear multiple times. |
This section may appear multiple times. |
| |
|
| 5. KRL signature sections |
5. Extension sections |
| |
|
| |
This section type provides a generic extension mechanism to the KRL |
| |
format that may be used to provide optional or critical data. |
| |
|
| |
Extensions are recorded in sections of type KRL_SECTION_EXTENSION |
| |
with the following contents: |
| |
|
| |
string extension_name |
| |
boolean is_critical |
| |
string extension_contents. |
| |
|
| |
Where "extension_name" describes the type of extension. It is |
| |
recommended that user extensions follow "name@domain.org" naming. |
| |
|
| |
The "is_critical" indicates whether this extension is mandatory or |
| |
optional. If true, then any unsupported extension encountered should |
| |
result in KRL parsing failure. If false, then it may be safely be |
| |
ignored. |
| |
|
| |
The "extension_contents" contains the body of the extension. |
| |
|
| |
6. KRL signature sections |
| |
|
| The KRL_SECTION_SIGNATURE section serves a different purpose to the |
The KRL_SECTION_SIGNATURE section serves a different purpose to the |
| preceding ones: to provide cryptographic authentication of a KRL that |
preceding ones: to provide cryptographic authentication of a KRL that |
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL.krl CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh