@@ -462,28 +462,14 @@ Version: **1.0 (Draft)**
462462 , ... ]
463463 }
464464
465- where: ROLE is a dictionary whose "_ type" field describes the role type.
466- KEYID is the identifier of the key signing the ROLE dictionary.
467- SIGNATURE is a signature of the canonical JSON form of ROLE.
468-
469- The current reference implementation defines two signature schemes,
470- although TUF is not restricted to any particular signature scheme,
471- key type, or cryptographic library:
465+ where:
472466
473- "rsassa-pss-sha256" : RSA Probabilistic signature scheme with appendix.
474- The underlying hash function is SHA256.
475-
476- "ed25519" : Elliptic curve digital signature algorithm based on Twisted
477- Edwards curves.
467+ ROLE is a dictionary whose "_type" field describes the role type.
478468
479- "ecdsa-sha2-nistp256" : Elliptic Curve Digital Signature Algorithm
480- with NIST P-256 curve signing and SHA-256 hashing.
481-
482- rsassa-pss: https://tools.ietf.org/html/rfc3447#page-29
469+ KEYID is the identifier of the key signing the ROLE dictionary.
483470
484- ed25519: https://ed25519.cr.yp.to/
471+ SIGNATURE is a signature of the canonical JSON form of ROLE.
485472
486- ecdsa: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
487473
488474 All keys have the format:
489475
@@ -492,29 +478,51 @@ Version: **1.0 (Draft)**
492478 "keyval" : KEYVAL
493479 }
494480
495- where KEYTYPE is a string describing the type of the key and how it's
496- used to sign documents. The type determines the interpretation of
497- KEYVAL.
481+ where:
482+
483+ KEYTYPE is a string denoting a public key signature system, such
484+ as RSA or ECDSA.
498485
499- We define three keytypes below: 'rsa', 'ed25519', and 'ecdsa'. However, TUF
500- places no restrictions on cryptographic keys. Adopters can use any
501- particular keytype, signing scheme, and cryptographic library.
486+ SCHEME is a string denoting a corresponding signature scheme. For
487+ example: "rsassa-pss-sha256" and "ecdsa-sha2-nistp256".
488+
489+ KEYVAL is a dictionary containing the public portion of the key.
490+
491+ The reference implementation defines three signature schemes, although TUF
492+ is not restricted to any particular signature scheme, key type, or
493+ cryptographic library:
494+
495+ "rsassa-pss-sha256" : RSA Probabilistic signature scheme with appendix.
496+ The underlying hash function is SHA256.
497+ https://tools.ietf.org/html/rfc3447#page-29
498+
499+ "ed25519" : Elliptic curve digital signature algorithm based on Twisted
500+ Edwards curves.
501+ https://ed25519.cr.yp.to/
502+
503+ "ecdsa-sha2-nistp256" : Elliptic Curve Digital Signature Algorithm
504+ with NIST P-256 curve signing and SHA-256 hashing.
505+ https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
506+
507+ We define three keytypes below: 'rsa', 'ed25519', and 'ecdsa', but adopters
508+ can define and use any particular keytype, signing scheme, and cryptographic
509+ library.
502510
503511 The 'rsa' format is:
504512
505513 { "keytype" : "rsa",
506514 "scheme" : "rsassa-pss-sha256",
507- "keyval" : { "public" : PUBLIC}
515+ "keyval" : {"public" : PUBLIC}
508516 }
509517
510- where PUBLIC is in PEM format and a string. All RSA keys
511- must be at least 2048 bits.
518+ where PUBLIC is in PEM format and a string. All RSA keys must be at least
519+ 2048 bits.
512520
513521 The 'ed25519' format is:
514522
515523 { "keytype" : "ed25519",
516524 "scheme" : "ed25519",
517- "keyval" : { "public" : PUBLIC}
525+ "keyval" : {"public" : PUBLIC}
518526 }
519527
520528 where PUBLIC is a 32-byte string.
@@ -523,10 +531,12 @@ Version: **1.0 (Draft)**
523531
524532 { "keytype" : "ecdsa-sha2-nistp256",
525533 "scheme" : "ecdsa-sha2-nistp256",
526- "keyval" : { "public" : PUBLIC}
534+ "keyval" : {"public" : PUBLIC}
527535 }
528536
529- where PUBLIC is in PEM format and a string.
537+ where:
538+
539+ PUBLIC is in PEM format and a string.
530540
531541 The KEYID of a key is the hexdigest of the SHA-256 hash of the
532542 canonical JSON form of the key.
0 commit comments