10. Appendix D: KeyLabel field specification¶
KeyLabel field specification lists the following fields.
Implementers may define their own vendor-specific field specification, but it's recommended to share it publicly.
10.1 Versioning¶
In current specification type and v fields are required, rest of fields are type specific. type and v together define a KeyLabel type.
v describes type version. Version should only increase when there are breaking changes to type (basically define a new type). Adding/removing optional fields doesn't increase the version.
Required fields are required only for UI. When KeyLabel parsing fails, then CDOC2 decryption should still succeed as required fields for decryption are in FlatBuffers structure.
Exception to this (decryption should succeed without KeyLabel) is symmetric key, when there is more than 1 symmetric key recipient in CDOC2 header (key label needs to be unique to differentiate between symmetric key recipients).
10.2 eID v1¶
| field | description | example | required | comments |
|---|---|---|---|---|
| v | Version | 1 | X | |
| type | eID type: ID-card or Digi-ID or Digi-ID E-RESIDENT |
ID-card | X | |
| cn | Recipient common name as it is appears in certificate | JÕEORG,JAAK-KRISTJAN,38001085718 | X | |
| serial_number | SerialNumber as it appears in LDAP server | PNOEE-38001085718 | X | |
| last_name | Recipient last name | Jõeorg | ||
| first_name | Recipient first name | Jaak-Kristjan | ||
| server_exp | Set expiration date in capsule server as Unix timestamp (seconds) | 1730992802 | Added 18.11.24 |
10.3 Certificate from file v1 (type=cert)¶
| field | description | example | required | comments |
|---|---|---|---|---|
| v | Version | 1 | X | |
| type | Certificate from file | cert | X | |
| file | Recipient x509 certificate file | 37101010021_cert.pem | ||
| cn | Common Name from certificate | ŽAIKOVSKI,IGOR,37101010021 | ||
| cert_sha1 | Certificate SHA1 Fingerprint | 7F193CBFFA6A8D52C710FE961077817567449C59 | ||
| server_exp | Set expiration date in capsule server as Unix timestamp (seconds) | 1730992802 | Added 18.11.24 |
10.4 Public key from file v1 (type=pub_key)¶
| field | description | example | required | comments |
|---|---|---|---|---|
| v | Version | 1 | X | |
| type | Public key from file | pub_key | X | |
| file | Public key input file | bob_pub.pem | ||
| label | label to identify public key from other keys, user-given or generated | file:bob_pub.pem | Addeded 18.11.24 |
10.5 Symmetric key v1 (type=secret)¶
| field | description | example | required |
|---|---|---|---|
| v | Version | 1 | X |
| type | symmetric key | secret | X |
| label | label to identify symmetric key from other keys, user-given or generated | yHqkRsP3kbQ | X |
| file |
10.6 Password v1 (type=pw)¶
| field | description | example | required |
|---|---|---|---|
| v | version | 1 | X |
| type | user-given password | pw | X |
| label | label to identify password from other passwords, user-given or generated | Arno | X |
10.7 Smart-ID/Mobile-ID v1 (type=auth)¶
| field | description | example(s) | required |
|---|---|---|---|
| v | Version | 1 | X |
| type | Smart-ID/Mobile-ID | auth | X |
| sn | ETSI semantics identifier or private company issuer identifier | etsi/PNOEE-48010010101 ; private/JIO/70000349 | X |