dat 1.1.1

DAT - Data Access Token
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

# DAT - Data Access Token

# Cargo.toml
```
dat = { version = "1.1.1" }
```

# DAT
```
# Example
signature_algorithm: P256
crypto_algorithm: AES128GCMN
plain: 123
secure: asdf

# DAT result Example
1776530737.11.MTIz.8yKUvzs7mg3tDwdeA9I2gNOliewpTgm9OVbEY3Qh6io.qfnqmXKuNE3MfRr576rxNMCchxbY1iqC07-woJcbCudt2O0BAyK_86ypaSfLJjkGq9FZxpGrsgBDkk-xQhGvmA
```

> ```expire```.```kid```.```plain```.```secure```.```sign```

- ```expire```: number
  - Unix-Timestamp (sec)
- ```kid```: stringifiable
  - key id
- ```plain```: base64 url no pad
  - Text Data 
- ```secure```: base64 url no pad
  - Encrypted Text Data
- ```sign```: base64 url no pad
  - dat-bank\[kid\].sign(expire.kid.plain.secure)

# DAT KEY
```
# Example
1.2.P256.DErFl-U5h4fdbnAXTTs2GikkJgZwYXV25v2EdFeXIXs.AES128GCMN.5VEziIzCu2LRsK1XS6OYxA.1776541326.1776544626.1800
```
> ```version```.```kid```.```signature-algorithm```.```signature-key```.```crypto-algorithm```.```crypto-key```.```issue-begin```.```issue-end```.```token-ttl```

- ```version```: number
  - dat-key format version
- ```kid```: stringifiable
  - key id
- ```signature-algorithm```: text
  - sign algorithm 
- ```signature-key```: base64 url no pad
  > The signature-key is categorized into three types: FULL (signing-key~verifying-key), SIGNING (signing-key), and VERIFYING (~verifying-key).
  > 
  > Whether a key is for sign or verify can be distinguished by the presence of a leading tilde (~). Generally, if you output the sign key alone, the public key can be derived from it (using the private key). However, depending on the platform, this derivation feature may not be available; in such cases, you should output the full key and parse it for use.
  - FULL: \<signing key base64\>~\<verifying key base64\>
  - SIGNING: \<signing key base64\>
  - VERIFYING: ~\<verifying key base64\>
- ```crypto-algorithm```: text
  - crypto algorithm,
- ```crypto-key```: base64 url no pad
  - crypto key
- ```issue-begin```: number
  - issue begin time
- ```issue-end```: number
  - issue end time
- ```token-ttl```: number
  - token(dat) TTL


## support signature algorithm
| name   | algorithm  |
|--------|------------|
| P256   | secp256r1  |
| P384   | secp384r1  |
| P521   | secp521r1  |

## support crypto algorithm
| name       | algorithm                   |
|------------|-----------------------------|
| AES128GCMN | aes-128-gcm n(nonce + body) |
| AES256GCMN | aes-256-cbc n(nonce + body) |


# Performance
- random plain and secure test
- mac mini m4 2024 basic (10 core)
- release compile
- [dat_performance_test.rs](tests/dat_performance_test.rs)
```
Testing started at 1:30 PM ...
    Finished `release` profile [optimized] target(s) in 0.03s
     Running tests/dat_performance_test.rs (target/release/deps/dat_performance_test-9b4b91db1487b251)
performance test (plain, secure)
plain: ynGgYSjBIul6zefgTaSNNNPZpk1ltuIjFHRJoNdtLjpGLrqDHsjmmnZPFMllkEC287UyKkIeR5NHpzg43BKVHQ3imndzY3sJerJo
secure: zz2lIYaeK7QX89a9LH2D88bAvEgKMoPwZra9i5xqeMqcJW3UFxM6GN8K6ezFExL612oWxW899CtBct1E1WDQEbKyPL8FxlgtXNQM
P256/AES128GCMN to_dat * 10000 : 150ms
P256/AES128GCMN to_payload * 10000 : 211ms
P256/AES256GCMN to_dat * 10000 : 151ms
P256/AES256GCMN to_payload * 10000 : 217ms
P384/AES128GCMN to_dat * 10000 : 475ms
P384/AES128GCMN to_payload * 10000 : 729ms
P384/AES256GCMN to_dat * 10000 : 500ms
P384/AES256GCMN to_payload * 10000 : 747ms
P521/AES128GCMN to_dat * 10000 : 448ms
P521/AES128GCMN to_payload * 10000 : 739ms
P521/AES256GCMN to_dat * 10000 : 463ms
P521/AES256GCMN to_payload * 10000 : 740ms
```