DAT - Data Access Token
Cargo.toml
dat = { version = "1.1.2" }
DAT
# Example
signature_algorithm: P256
crypto_algorithm: AES128GCMN
plain: 123
secure: asdf
# DAT result Example
1776530737.11.MTIz.8yKUvzs7mg3tDwdeA9I2gNOliewpTgm9OVbEY3Qh6io.qfnqmXKuNE3MfRr576rxNMCchxbY1iqC07-woJcbCudt2O0BAyK_86ypaSfLJjkGq9FZxpGrsgBDkk-xQhGvmA
expire.kid.plain.secure.sign
expire: number- Unix-Timestamp (sec)
kid: stringifiable- key id
plain: base64 url no pad- Text Data
secure: base64 url no pad- Encrypted Text Data
sign: base64 url no pad- dat-bank[kid].sign(expire.kid.plain.secure)
DAT KEY
# Example
1.2.P256.DErFl-U5h4fdbnAXTTs2GikkJgZwYXV25v2EdFeXIXs.AES128GCMN.5VEziIzCu2LRsK1XS6OYxA.1776541326.1776544626.1800
version.kid.signature-algorithm.signature-key.crypto-algorithm.crypto-key.issue-begin.issue-end.token-ttl
version: number- dat-key format version
kid: stringifiable- key id
signature-algorithm: text- sign algorithm
signature-key: base64 url no padThe signature-key is categorized into three types: FULL (signing-key~verifying-key), SIGNING (signing-key), and VERIFYING (~verifying-key).
Whether a key is for sign or verify can be distinguished by the presence of a leading tilde (~). Generally, if you output the sign key alone, the public key can be derived from it (using the private key). However, depending on the platform, this derivation feature may not be available; in such cases, you should output the full key and parse it for use.
- FULL: <signing key base64>~<verifying key base64>
- SIGNING: <signing key base64>
- VERIFYING: ~<verifying key base64>
crypto-algorithm: text- crypto algorithm,
crypto-key: base64 url no pad- crypto key
issue-begin: number- issue begin time
issue-end: number- issue end time
token-ttl: number- token(dat) TTL
support signature algorithm
| name | algorithm |
|---|---|
| P256 | secp256r1 |
| P384 | secp384r1 |
| P521 | secp521r1 |
support crypto algorithm
| name | algorithm |
|---|---|
| AES128GCMN | aes-128-gcm n(nonce + body) |
| AES256GCMN | aes-256-cbc n(nonce + body) |
support dat key format version
| support key format version | dat bank version |
|---|---|
| 2 | 1.1.0 + |
| 1 | BETA |
Performance
- random plain and secure test
- mac mini m4 2024 basic (10 core)
- release compile
- dat_performance_test.rs
Testing started at 1:30 PM ...
Finished `release` profile [optimized] target(s) in 0.03s
Running tests/dat_performance_test.rs (target/release/deps/dat_performance_test-9b4b91db1487b251)
performance test (plain, secure)
plain: ynGgYSjBIul6zefgTaSNNNPZpk1ltuIjFHRJoNdtLjpGLrqDHsjmmnZPFMllkEC287UyKkIeR5NHpzg43BKVHQ3imndzY3sJerJo
secure: zz2lIYaeK7QX89a9LH2D88bAvEgKMoPwZra9i5xqeMqcJW3UFxM6GN8K6ezFExL612oWxW899CtBct1E1WDQEbKyPL8FxlgtXNQM
P256/AES128GCMN to_dat * 10000 : 150ms
P256/AES128GCMN to_payload * 10000 : 211ms
P256/AES256GCMN to_dat * 10000 : 151ms
P256/AES256GCMN to_payload * 10000 : 217ms
P384/AES128GCMN to_dat * 10000 : 475ms
P384/AES128GCMN to_payload * 10000 : 729ms
P384/AES256GCMN to_dat * 10000 : 500ms
P384/AES256GCMN to_payload * 10000 : 747ms
P521/AES128GCMN to_dat * 10000 : 448ms
P521/AES128GCMN to_payload * 10000 : 739ms
P521/AES256GCMN to_dat * 10000 : 463ms
P521/AES256GCMN to_payload * 10000 : 740ms
See Also
- Libraries
- DatKey Generate Service
Use Cases
- Anissia (https://anissia.net)
- BackEnd: https://github.com/anissia-net/core
- FrontEnd: https://github.com/anissia-net/web