dat 0.1.0

DAT - Data Access Token

DAT Format

expire.kid.plain.secure.signature

  • expire: number
    • Unix-Timestamp (sec)
  • kid: text
    • Keystore(signature and crypt) ID
  • plain: base64 url no pad
    • Text Data
  • secure: base64 url no pad
    • Encrypted Text Data
  • signature: base64 url no pad
    • Keystore[kid].signature(expire.kid.plain.secure.)
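
The layout above as an added Rust example (not code from the dat crate; `DatParts`, `b64url_nopad` and `parse_dat` are hypothetical names): it splits a token into its five fields, rejects padded or non-canonical base64url, and checks the expiry. It assumes the signature covers `expire.kid.plain.secure.` with the trailing dot as written above, and it does not verify the signature itself.

```rust
// Added example, not the dat crate's API: all names below are hypothetical.
#[derive(Debug, PartialEq)]
pub struct DatParts {
    pub expire: u64,          // Unix timestamp (sec)
    pub kid: String,          // keystore id used to pick the keys
    pub plain: Vec<u8>,       // decoded plain data
    pub secure: Vec<u8>,      // decoded but still encrypted data
    pub signature: Vec<u8>,   // raw signature bytes
    pub signed_input: String, // "expire.kid.plain.secure." (trailing dot assumed)
}
/// Strict base64url decoder: rejects padding, '+', '/' and non-canonical tails.
fn b64url_nopad(s: &str) -> Result<Vec<u8>, &'static str> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return Err("bad base64url character"),
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    if acc == 0 && bits != 6 { Ok(out) } else { Err("bad base64url tail") }
}

/// Splits and decodes a token. The caller must still verify `signature` over
/// `signed_input` with Keystore[kid] before trusting any returned field.
pub fn parse_dat(token: &str, now: u64) -> Result<DatParts, &'static str> {
    let f: Vec<&str> = token.split('.').collect();
    if f.len() != 5 || f[1].is_empty() { return Err("expected 5 fields with a kid"); }
    if !f[0].bytes().all(|b| b.is_ascii_digit()) { return Err("bad expire"); }
    let expire: u64 = f[0].parse().map_err(|_| "bad expire")?;
    if expire <= now { return Err("expired"); }
    let signed_input = format!("{}.{}.{}.{}.", f[0], f[1], f[2], f[3]);
    let (plain, secure, signature) = (b64url_nopad(f[2])?, b64url_nopad(f[3])?, b64url_nopad(f[4])?);
    Ok(DatParts { expire, kid: f[1].into(), plain, secure, signature, signed_input })
}

fn main() {
    // Constructed sample token (plain = "hello"); the signature bytes are dummies.
    println!("{:?}", parse_dat("1775801619.123.aGVsbG8.AQID._-4", 1775801019));
}
```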

Keystore Format

// format
{
    "kid": keystore id,
    "signAlg": signature algorithm,
    "signKey": keystore signature key data (base64 url no pad),
    "cryptAlg": crypt algorithm,
    "cryptKey": keystore crypt key data (base64 url no pad),
    "issueBegin": issue begin time (unix timestamp sec),
    "issueEnd": issue end time (unix timestamp sec),
    "tokenLifetime": token lifetime (sec)
}

// example
{
    "kid":"123",
    "signAlg": "P256",
    "signKey": "Qb40YzdR3QbRG_oh4QgZrBdrhzaFqFzah5Y4o4jE0js",
    "cryptAlg": "AES128GCMN",
    "cryptKey": "ZCJk5cJNR6lrsMEuRRHWuQ",
    "issueBegin": 1775801019,
    "issueEnd": 1775861119,
    "tokenLifetime": 600
}

Supported sign/verify algorithms

| name | algorithm |
|------|-----------|
| P256 | secp256r1 |
| P384 | secp384r1 |
| P521 | secp521r1 |

Supported crypt algorithms

| name | algorithm |
|------|-----------|
| AES128GCMN | aes-128-gcm n(nonce + body) |
| AES256GCMN | aes-256-cbc n(nonce + body) |