// // #method MeshExamples CreateExamples Example // // MeshExamples // public void MeshExamples (CreateExamples Example) { // _Output.Write ("\n{0}", _Indent); // ##Protocol Overview _Output.Write ("#Protocol Overview\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // [Account request does not specify the portal in the request body, _Output.Write ("[Account request does not specify the portal in the request body,\n{0}", _Indent); // only the HTTP package includes this information. This is probably a bug.] _Output.Write ("only the HTTP package includes this information. This is probably a bug.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Creating a new portal account _Output.Write ("##Creating a new portal account\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A user interacts with a Mesh service through a Mesh portal provider _Output.Write ("A user interacts with a Mesh service through a Mesh portal provider \n{0}", _Indent); // with which she establishes a portal account. _Output.Write ("with which she establishes a portal account. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // For user convenience, a portal account identifier has the familiar _Output.Write ("For user convenience, a portal account identifier has the familiar \n{0}", _Indent); // <<username>@<<domain> format established in [~RFC822]. _Output.Write ("<<username>@<<domain> format established in [~RFC822].\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // For example Alice selects #{CreateExamples.NameService} as her _Output.Write ("For example Alice selects {1} as her \n{0}", _Indent, CreateExamples.NameService); // portal provider and chooses the account name #{CreateExamples.NameAccount}. _Output.Write ("portal provider and chooses the account name {1}.\n{0}", _Indent, CreateExamples.NameAccount); // Her portal account identifier is #{CreateExamples.NameAccount}. _Output.Write ("Her portal account identifier is {1}.\n{0}", _Indent, CreateExamples.NameAccount); // _Output.Write ("\n{0}", _Indent); // A user MAY establish accounts with multiple portal providers _Output.Write ("A user MAY establish accounts with multiple portal providers\n{0}", _Indent); // and/or change their portal provider at any time they choose. _Output.Write ("and/or change their portal provider at any time they choose.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######Checking Account Identifier for uniqueness _Output.Write ("###Checking Account Identifier for uniqueness\n{0}", _Indent); // #% var Point = Example.Traces.Get (Example.LabelValidate); var Point = Example.Traces.Get (Example.LabelValidate); // #% Example.Traces.Level = 0; Example.Traces.Level = 0; // _Output.Write ("\n{0}", _Indent); // The first step in creating a new account is to check to see if the _Output.Write ("The first step in creating a new account is to check to see if the\n{0}", _Indent); // chosen account identifier is available. This allows a client to _Output.Write ("chosen account identifier is available. This allows a client to \n{0}", _Indent); // validate user input and if necessary warn the user that they need _Output.Write ("validate user input and if necessary warn the user that they need \n{0}", _Indent); // to choose a new account identifier when the data is first entered. _Output.Write ("to choose a new account identifier when the data is first entered.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The ValidateRequest message contains the requested account identifier _Output.Write ("The ValidateRequest message contains the requested account identifier\n{0}", _Indent); // and an optional language parameter to allow the service to provide _Output.Write ("and an optional language parameter to allow the service to provide\n{0}", _Indent); // informative error messages in a language the user understands. The _Output.Write ("informative error messages in a language the user understands. The\n{0}", _Indent); // Language field contains a list of ISO language identifier codes _Output.Write ("Language field contains a list of ISO language identifier codes \n{0}", _Indent); // in order of preference, most preferred first. _Output.Write ("in order of preference, most preferred first.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The ValidateResponse message returns the result of the validation _Output.Write ("The ValidateResponse message returns the result of the validation\n{0}", _Indent); // request in the Valid field. Note that even if the value true is returned, _Output.Write ("request in the Valid field. Note that even if the value true is returned,\n{0}", _Indent); // a subsequent account creation request MAY still fail. _Output.Write ("a subsequent account creation request MAY still fail.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Example.Traces.Level = 5; Example.Traces.Level = 5; // [Note that for the sake of concise presentation, the HTTP binding _Output.Write ("[Note that for the sake of concise presentation, the HTTP binding\n{0}", _Indent); // information is omitted from future examples.] _Output.Write ("information is omitted from future examples.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Creating a new user profile _Output.Write ("##Creating a new user profile\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelCreatePersonal); Point = Example.Traces.Get (Example.LabelCreatePersonal); // #% Point = Example.Traces.Get (Example.LabelCreatePersonal); Point = Example.Traces.Get (Example.LabelCreatePersonal); // #% var CreateRequest = Point.Messages[0].Payload as Goedel.Mesh.CreateRequest; var CreateRequest = Point.Messages[0].Payload as Goedel.Mesh.CreateRequest; // #% var SignedProfile = CreateRequest.Profile as SignedPersonalProfile; var SignedProfile = CreateRequest.Profile as SignedPersonalProfile; // #% var Profile = SignedProfile.Signed; var Profile = SignedProfile.Signed; // _Output.Write ("\n{0}", _Indent); // The first step in creating a new personal profile is to create a _Output.Write ("The first step in creating a new personal profile is to create a\n{0}", _Indent); // Master Profile object. This contains the long term Master Signing _Output.Write ("Master Profile object. This contains the long term Master Signing\n{0}", _Indent); // Key that will remain constant for the life of the profile, at least _Output.Write ("Key that will remain constant for the life of the profile, at least \n{0}", _Indent); // one Online Signature Key to be used for administering the personal _Output.Write ("one Online Signature Key to be used for administering the personal\n{0}", _Indent); // profile and (optionally), one or more master escrow keys. _Output.Write ("profile and (optionally), one or more master escrow keys.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // For convenience, the descriptions of the Master Signing Key, _Output.Write ("For convenience, the descriptions of the Master Signing Key, \n{0}", _Indent); // Online Signing Keys and Escrow Keys typically include PKIX _Output.Write ("Online Signing Keys and Escrow Keys typically include PKIX \n{0}", _Indent); // certificates signed by the Master Signing Key. This allows _Output.Write ("certificates signed by the Master Signing Key. This allows \n{0}", _Indent); // PKIX based applications to make use of PKIX certificate chains _Output.Write ("PKIX based applications to make use of PKIX certificate chains\n{0}", _Indent); // to express the same trust relationships described in the Mesh. _Output.Write ("to express the same trust relationships described in the Mesh.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (Profile.PersonalMasterProfile)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (Profile.PersonalMasterProfile)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Master Profile is always signed using the Master Signing Key: _Output.Write ("The Master Profile is always signed using the Master Signing Key:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (Profile.SignedMasterProfile)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (Profile.SignedMasterProfile)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Since the device used to create the personal profile is typically _Output.Write ("Since the device used to create the personal profile is typically\n{0}", _Indent); // connected to the profile, a Device profile entry is created _Output.Write ("connected to the profile, a Device profile entry is created \n{0}", _Indent); // for it. This contains a Device Signing Key, a Device Encryption Key _Output.Write ("for it. This contains a Device Signing Key, a Device Encryption Key\n{0}", _Indent); // and a Device Authentication Key: _Output.Write ("and a Device Authentication Key:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% var DeviceProfile = Profile.Devices[0]; var DeviceProfile = Profile.Devices[0]; // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (DeviceProfile.Data)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (DeviceProfile.Data)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Device Profile is signed using the Device Signing Key: _Output.Write ("The Device Profile is signed using the Device Signing Key:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (DeviceProfile)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (DeviceProfile)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A personal profile would typically contain at least one application _Output.Write ("A personal profile would typically contain at least one application\n{0}", _Indent); // when first created. For the sake of demonstration, we will do this later. _Output.Write ("when first created. For the sake of demonstration, we will do this later.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The personal profile thus consists of the master profile and _Output.Write ("The personal profile thus consists of the master profile and \n{0}", _Indent); // the device profile: _Output.Write ("the device profile:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (Profile)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (Profile)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The personal profile is then signed using the Online Signing Key: _Output.Write ("The personal profile is then signed using the Online Signing Key:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (SignedProfile)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (SignedProfile)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######Publishing a new user profile _Output.Write ("###Publishing a new user profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Once the signed personal profile is created, the client can finaly _Output.Write ("Once the signed personal profile is created, the client can finaly\n{0}", _Indent); // make the request for the service to create the account. The request object _Output.Write ("make the request for the service to create the account. The request object \n{0}", _Indent); // contains the requested account identifier and profile: _Output.Write ("contains the requested account identifier and profile:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The service reports the success (or failure) of the account creation _Output.Write ("The service reports the success (or failure) of the account creation\n{0}", _Indent); // request: _Output.Write ("request:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Connecting a device profile to a user profile _Output.Write ("##Connecting a device profile to a user profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Connecting a device to a profile requires the client on the new _Output.Write ("Connecting a device to a profile requires the client on the new\n{0}", _Indent); // device to interact with a client on a device that has administration capabilities, _Output.Write ("device to interact with a client on a device that has administration capabilities,\n{0}", _Indent); // i.e. it has access to an Online Signing Key. Since clients cannot _Output.Write ("i.e. it has access to an Online Signing Key. Since clients cannot \n{0}", _Indent); // interact directly with other clients, a service is required to _Output.Write ("interact directly with other clients, a service is required to \n{0}", _Indent); // mediate the connection. This service is provided by a Mesh portal _Output.Write ("mediate the connection. This service is provided by a Mesh portal\n{0}", _Indent); // provider. _Output.Write ("provider.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // All service transactions are initiated by the clients. First the _Output.Write ("All service transactions are initiated by the clients. First the \n{0}", _Indent); // connecting device posts ConnectStart, after which it may poll for the _Output.Write ("connecting device posts ConnectStart, after which it may poll for the\n{0}", _Indent); // outcome of the connection request using ConnectStatus. _Output.Write ("outcome of the connection request using ConnectStatus.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Periodically, the Administration Device polls for a list of pending _Output.Write ("Periodically, the Administration Device polls for a list of pending\n{0}", _Indent); // connection requests using ConnectPending. After posting a request, _Output.Write ("connection requests using ConnectPending. After posting a request,\n{0}", _Indent); // the administration device posts the result using ConnectComplete: _Output.Write ("the administration device posts the result using ConnectComplete:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // Connecting Mesh Administration _Output.Write ("Connecting Mesh Administration\n{0}", _Indent); // Device Service Device _Output.Write (" Device Service Device\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // | | | _Output.Write (" | | |\n{0}", _Indent); // | ConnectStart | | _Output.Write (" | ConnectStart | |\n{0}", _Indent); // | ----------------------> | | _Output.Write (" | ----------------------> | |\n{0}", _Indent); // | | ConnectPending | _Output.Write (" | | ConnectPending |\n{0}", _Indent); // | | <---------------------- | _Output.Write (" | | <---------------------- |\n{0}", _Indent); // | | | _Output.Write (" | | |\n{0}", _Indent); // | | ConnectComplete | _Output.Write (" | | ConnectComplete |\n{0}", _Indent); // | | <---------------------- | _Output.Write (" | | <---------------------- |\n{0}", _Indent); // | ConnectStatus | | _Output.Write (" | ConnectStatus | |\n{0}", _Indent); // | ----------------------> | | _Output.Write (" | ----------------------> | |\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The first step in the process is for the client to generate a _Output.Write ("The first step in the process is for the client to generate a\n{0}", _Indent); // device profile. Ideally the device profile is bound to the device _Output.Write ("device profile. Ideally the device profile is bound to the device\n{0}", _Indent); // in a read-only fashion such that applications running on the _Output.Write ("in a read-only fashion such that applications running on the \n{0}", _Indent); // device can make use of the deencryption and authentication keys _Output.Write ("device can make use of the deencryption and authentication keys\n{0}", _Indent); // but these private keys cannot be extracted from the device: _Output.Write ("but these private keys cannot be extracted from the device:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (Example.SignedDeviceProfile2.Data)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (Example.SignedDeviceProfile2.Data)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The device profile is then signed: _Output.Write ("The device profile is then signed:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{JSONDebugWriter.Write (Example.SignedDeviceProfile2)} _Output.Write ("{1}\n{0}", _Indent, JSONDebugWriter.Write (Example.SignedDeviceProfile2)); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######Profile Authentication _Output.Write ("###Profile Authentication\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // One of the main architecutral principles of the Mesh is _Output.Write ("One of the main architecutral principles of the Mesh is \n{0}", _Indent); // bilateral authentication. Every device that is connected to a _Output.Write ("bilateral authentication. Every device that is connected to a \n{0}", _Indent); // Mesh profile MUST authenticate the profile it is connecting _Output.Write ("Mesh profile MUST authenticate the profile it is connecting\n{0}", _Indent); // to and every Mesh profile administrator MUST authenticate devices _Output.Write ("to and every Mesh profile administrator MUST authenticate devices\n{0}", _Indent); // that are connected. _Output.Write ("that are connected.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Having created the necessary profile, the device MUST verify _Output.Write ("Having created the necessary profile, the device MUST verify \n{0}", _Indent); // that it is connecting to the correct Mesh profile. The best _Output.Write ("that it is connecting to the correct Mesh profile. The best \n{0}", _Indent); // mechanism for achieving this purpose depends on the capabilities _Output.Write ("mechanism for achieving this purpose depends on the capabilities \n{0}", _Indent); // of the device being connected. The administration device _Output.Write ("of the device being connected. The administration device \n{0}", _Indent); // obviously requires some means of communicating with the _Output.Write ("obviously requires some means of communicating with the \n{0}", _Indent); // user to serve its function. But the device being connected may _Output.Write ("user to serve its function. But the device being connected may\n{0}", _Indent); // have a limited display capability or no user interaction _Output.Write ("have a limited display capability or no user interaction \n{0}", _Indent); // capability at all. _Output.Write ("capability at all.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ########Interactive Devices _Output.Write ("####Interactive Devices\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // If the device has user input and display capabilities, it can _Output.Write ("If the device has user input and display capabilities, it can\n{0}", _Indent); // verify that it is connecting to the correct display by first _Output.Write ("verify that it is connecting to the correct display by first\n{0}", _Indent); // requesting the user enter the portal account of the profile _Output.Write ("requesting the user enter the portal account of the profile \n{0}", _Indent); // they wish to connect to, retreiving the profile associated _Output.Write ("they wish to connect to, retreiving the profile associated \n{0}", _Indent); // with the device and displaying the profile fingerprint. _Output.Write ("with the device and displaying the profile fingerprint. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelConnectRequest); Point = Example.Traces.Get (Example.LabelConnectRequest); // _Output.Write ("\n{0}", _Indent); // The client requests the profile for the requested account name: _Output.Write ("The client requests the profile for the requested account name:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The response contains the requested profile information. _Output.Write ("The response contains the requested profile information.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // Having received the profile data, the user can then _Output.Write ("Having received the profile data, the user can then \n{0}", _Indent); // verify that the device is attempting to _Output.Write ("verify that the device is attempting to \n{0}", _Indent); // connect to the correct profile by verifying that the _Output.Write ("connect to the correct profile by verifying that the \n{0}", _Indent); // fingerprint shown by the device attempting to connect is _Output.Write ("fingerprint shown by the device attempting to connect is\n{0}", _Indent); // correct. _Output.Write ("correct.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #########Constrained Interaction Devices _Output.Write ("####Constrained Interaction Devices\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Connection of an Internet of Things 'IoT' device that does _Output.Write ("Connection of an Internet of Things 'IoT' device that does \n{0}", _Indent); // not have the ability to accept user input requires a mechanism _Output.Write ("not have the ability to accept user input requires a mechanism\n{0}", _Indent); // by which the user can identify the device they wish to connect _Output.Write ("by which the user can identify the device they wish to connect \n{0}", _Indent); // to their profile and a mechanism to authenticate the profile _Output.Write ("to their profile and a mechanism to authenticate the profile \n{0}", _Indent); // to the device. _Output.Write ("to the device.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // If the connecting device has a wired communication capability _Output.Write ("If the connecting device has a wired communication capability\n{0}", _Indent); // such as a USB port, this MAY be used to effect the device _Output.Write ("such as a USB port, this MAY be used to effect the device \n{0}", _Indent); // connection using a standardized interaction profile. But _Output.Write ("connection using a standardized interaction profile. But \n{0}", _Indent); // an increasing number of constrained IoT devices are only _Output.Write ("an increasing number of constrained IoT devices are only \n{0}", _Indent); // capable of wireless communication. _Output.Write ("capable of wireless communication.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Configuration of such devices for the purpose of the Mesh requires _Output.Write ("Configuration of such devices for the purpose of the Mesh requires\n{0}", _Indent); // that we also consider configuration of the wireless networking _Output.Write ("that we also consider configuration of the wireless networking\n{0}", _Indent); // capabilities at the same time. The precise mechanism by which _Output.Write ("capabilities at the same time. The precise mechanism by which \n{0}", _Indent); // this is achieved is therefore outside the scope of this particular _Output.Write ("this is achieved is therefore outside the scope of this particular \n{0}", _Indent); // document. However prototypes have been built and are being considered _Output.Write ("document. However prototypes have been built and are being considered\n{0}", _Indent); // that make use of some or all of the following communication techniques: _Output.Write ("that make use of some or all of the following communication techniques:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Wired serial connection (RS232, RS485). _Output.Write ("* Wired serial connection (RS232, RS485).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * DHCP signalling. _Output.Write ("* DHCP signalling.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Machine readable device identifiers (barcodes, QRCodes). _Output.Write ("* Machine readable device identifiers (barcodes, QRCodes).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Default device profile installed during manufacture. _Output.Write ("* Default device profile installed during manufacture.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Optical communication path using camera on administrative device _Output.Write ("* Optical communication path using camera on administrative device\n{0}", _Indent); // and status light on connecting device to communicate the device _Output.Write ("and status light on connecting device to communicate the device \n{0}", _Indent); // identifier, challenge nonce and confirm profile fingerprint. _Output.Write ("identifier, challenge nonce and confirm profile fingerprint.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Speech output on audio capable connecting device. _Output.Write ("* Speech output on audio capable connecting device.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######Connection request _Output.Write ("###Connection request\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // After the user verifies the device fingerprint as correct, the _Output.Write ("After the user verifies the device fingerprint as correct, the \n{0}", _Indent); // client posts a device connection request to the portal: _Output.Write ("client posts a device connection request to the portal:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[2].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[2].String()); // _Output.Write ("\n{0}", _Indent); // The portal verifies that the request is accepable and returns _Output.Write ("The portal verifies that the request is accepable and returns \n{0}", _Indent); // the transaction result: _Output.Write ("the transaction result:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[3].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[3].String()); // _Output.Write ("\n{0}", _Indent); // ######Administrator Polls Pending Connections _Output.Write ("###Administrator Polls Pending Connections\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The client can poll the portal for the status of pending requests _Output.Write ("The client can poll the portal for the status of pending requests\n{0}", _Indent); // at any time (modulo any service throttling restrictions at the _Output.Write ("at any time (modulo any service throttling restrictions at the \n{0}", _Indent); // service side). But the request status will only change when _Output.Write ("service side). But the request status will only change when\n{0}", _Indent); // an update is posted by an administration device. _Output.Write ("an update is posted by an administration device.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Since the user is typically connecting a device to their profile, _Output.Write ("Since the user is typically connecting a device to their profile,\n{0}", _Indent); // the next step in connecting the device is to start the administration _Output.Write ("the next step in connecting the device is to start the administration\n{0}", _Indent); // client. When started, the client polls for pending connection _Output.Write ("client. When started, the client polls for pending connection \n{0}", _Indent); // requests using ConnectPendingRequest. _Output.Write ("requests using ConnectPendingRequest.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelConnectPending); Point = Example.Traces.Get (Example.LabelConnectPending); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The service responds with a list of pending requests: _Output.Write ("The service responds with a list of pending requests:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // ######Administrator updates and publishes the personal profile. _Output.Write ("###Administrator updates and publishes the personal profile.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The device profile is added to the Personal profile which is _Output.Write ("The device profile is added to the Personal profile which is\n{0}", _Indent); // then signed by the online signing key. The administration _Output.Write ("then signed by the online signing key. The administration\n{0}", _Indent); // client publishes the updated profile to the Mesh through the _Output.Write ("client publishes the updated profile to the Mesh through the\n{0}", _Indent); // portal: _Output.Write ("portal:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelConnectPublish); Point = Example.Traces.Get (Example.LabelConnectPublish); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // As usual, the service returns the response code: _Output.Write ("As usual, the service returns the response code:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // ######Administrator posts completion request. _Output.Write ("###Administrator posts completion request.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Having accepted the device and connected it to the profile, the _Output.Write ("Having accepted the device and connected it to the profile, the\n{0}", _Indent); // administration client creates and signs a connection completion _Output.Write ("administration client creates and signs a connection completion\n{0}", _Indent); // result which is posted to the portal using ConnectCompleteRequest: _Output.Write ("result which is posted to the portal using ConnectCompleteRequest:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelConnectAccept); Point = Example.Traces.Get (Example.LabelConnectAccept); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // Again, the service returns the response code: _Output.Write ("Again, the service returns the response code:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // ######Connecting device polls for status update. _Output.Write ("###Connecting device polls for status update.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // As stated previously, the connecting device polls the portal _Output.Write ("As stated previously, the connecting device polls the portal \n{0}", _Indent); // periodically to determine the status of the pending request _Output.Write ("periodically to determine the status of the pending request\n{0}", _Indent); // using ConnectStatusRequest: _Output.Write ("using ConnectStatusRequest:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelConnectStatus); Point = Example.Traces.Get (Example.LabelConnectStatus); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // If the response is that the connection status has not changed, _Output.Write ("If the response is that the connection status has not changed,\n{0}", _Indent); // the service MAY return a response that specifies a minimum _Output.Write ("the service MAY return a response that specifies a minimum \n{0}", _Indent); // retry interval. In this case however there is a connection result: _Output.Write ("retry interval. In this case however there is a connection result: \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // [Should probably unpack further.] _Output.Write ("[Should probably unpack further.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Adding an application profile to a user profile _Output.Write ("##Adding an application profile to a user profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Application profiles are published separately from the _Output.Write ("Application profiles are published separately from the \n{0}", _Indent); // personal profile to which they are linked. This allows a _Output.Write ("personal profile to which they are linked. This allows a \n{0}", _Indent); // device to be given administration capability for a particular _Output.Write ("device to be given administration capability for a particular\n{0}", _Indent); // application without granting administration capability for _Output.Write ("application without granting administration capability for \n{0}", _Indent); // the profile itself and the ability to connect additional _Output.Write ("the profile itself and the ability to connect additional \n{0}", _Indent); // profiles and devices. _Output.Write ("profiles and devices.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Another advantage of this separation is that an application _Output.Write ("Another advantage of this separation is that an application \n{0}", _Indent); // profile might be managed by a separate party. In an enterprise, _Output.Write ("profile might be managed by a separate party. In an enterprise,\n{0}", _Indent); // the application profile for a user's corporate email account _Output.Write ("the application profile for a user's corporate email account \n{0}", _Indent); // could be managed by the corporate IT department. _Output.Write ("could be managed by the corporate IT department.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A user MAY have multiple application profiles for the same _Output.Write ("A user MAY have multiple application profiles for the same\n{0}", _Indent); // application. If a user has three email accounts, they would _Output.Write ("application. If a user has three email accounts, they would \n{0}", _Indent); // have three email application profiles, one for each account. _Output.Write ("have three email application profiles, one for each account.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // In this example, the user has requested a PaswordProfile to be _Output.Write ("In this example, the user has requested a PaswordProfile to be\n{0}", _Indent); // created. When populated, this records the usernames and passwords _Output.Write ("created. When populated, this records the usernames and passwords\n{0}", _Indent); // for the various Web sites that the user has created accounts at _Output.Write ("for the various Web sites that the user has created accounts at \n{0}", _Indent); // and has requested the Web browser store in the Mesh. _Output.Write ("and has requested the Web browser store in the Mesh.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Unlike a traditional password management service, the data stored _Output.Write ("Unlike a traditional password management service, the data stored\n{0}", _Indent); // the Password Profile is encrypted end to end and can only be _Output.Write ("the Password Profile is encrypted end to end and can only be \n{0}", _Indent); // decrypted by the devices that hold a decryption key. _Output.Write ("decrypted by the devices that hold a decryption key.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Example.PasswordProfile} _Output.Write ("{1}\n{0}", _Indent, Example.PasswordProfile); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The application profile is published to the Mesh in the same _Output.Write ("The application profile is published to the Mesh in the same\n{0}", _Indent); // way as any other profile update, via a a Publish transaction: _Output.Write ("way as any other profile update, via a a Publish transaction:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelApplicationPublish); Point = Example.Traces.Get (Example.LabelApplicationPublish); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The service returns a status response. _Output.Write ("The service returns a status response.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // Note that the degree of verification to be performed by the service _Output.Write ("Note that the degree of verification to be performed by the service\n{0}", _Indent); // when an application profile is published is an open question. _Output.Write ("when an application profile is published is an open question.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Having created the application profile, the administration client _Output.Write ("Having created the application profile, the administration client\n{0}", _Indent); // adds it to the personal profile and publishes it: _Output.Write ("adds it to the personal profile and publishes it:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelApplicationProfile); Point = Example.Traces.Get (Example.LabelApplicationProfile); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // Note that if the publication was to happen in the reverse order, _Output.Write ("Note that if the publication was to happen in the reverse order,\n{0}", _Indent); // with the personal profile being published before the application _Output.Write ("with the personal profile being published before the application\n{0}", _Indent); // profile, the personal profile might be rejected by the portal for _Output.Write ("profile, the personal profile might be rejected by the portal for \n{0}", _Indent); // inconsistency as it links to a non existent application profile. _Output.Write ("inconsistency as it links to a non existent application profile.\n{0}", _Indent); // Though the value of such a check is debatable. It might well _Output.Write ("Though the value of such a check is debatable. It might well\n{0}", _Indent); // be preferable to not make such checks as it permits an application _Output.Write ("be preferable to not make such checks as it permits an application\n{0}", _Indent); // profile to have a degree of anonymity. _Output.Write ("profile to have a degree of anonymity.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // ####Creating a recovery profile _Output.Write ("##Creating a recovery profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Mesh invites users to put all their data eggs in one cryptographic _Output.Write ("The Mesh invites users to put all their data eggs in one cryptographic\n{0}", _Indent); // basket. If the private keys in their master profile are lost, they _Output.Write ("basket. If the private keys in their master profile are lost, they\n{0}", _Indent); // could lose all their digital assets. _Output.Write ("could lose all their digital assets.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The debate over the desirability of key escrow is a complex one. _Output.Write ("The debate over the desirability of key escrow is a complex one.\n{0}", _Indent); // Not least because voluntary key escrow by the user to protect _Output.Write ("Not least because voluntary key escrow by the user to protect\n{0}", _Indent); // the user's digital assets is frequently conflated with mechanisms _Output.Write ("the user's digital assets is frequently conflated with mechanisms\n{0}", _Indent); // to support 'Lawful Access' through government managed backdoors. _Output.Write ("to support 'Lawful Access' through government managed backdoors.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Accidents happen and so do disasters. For most users and most applications, _Output.Write ("Accidents happen and so do disasters. For most users and most applications,\n{0}", _Indent); // data loss is a much more important concern than data disclosure. The option _Output.Write ("data loss is a much more important concern than data disclosure. The option \n{0}", _Indent); // of using a robust key recovery mechanism is therefore essential for use of _Output.Write ("of using a robust key recovery mechanism is therefore essential for use of \n{0}", _Indent); // strong cryptography is to become ubiquitous. _Output.Write ("strong cryptography is to become ubiquitous.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // There are of course circumstances in which some users may prefer to risk _Output.Write ("There are of course circumstances in which some users may prefer to risk\n{0}", _Indent); // losing some of their data rather than risk disclosure. Since any key recovery _Output.Write ("losing some of their data rather than risk disclosure. Since any key recovery\n{0}", _Indent); // infrastructure necessarily introduces the risk of coercion, the _Output.Write ("infrastructure necessarily introduces the risk of coercion, the\n{0}", _Indent); // choice of whether to use key recovery or not is left to the user to _Output.Write ("choice of whether to use key recovery or not is left to the user to \n{0}", _Indent); // decide. _Output.Write ("decide.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Mesh permits users to escrow their private keys in the Mesh itself _Output.Write ("The Mesh permits users to escrow their private keys in the Mesh itself\n{0}", _Indent); // in an OfflineEscrowEntry. Such entries are encrypted using the _Output.Write ("in an OfflineEscrowEntry. Such entries are encrypted using the\n{0}", _Indent); // strongest degree of encryption available under a symmetric key. _Output.Write ("strongest degree of encryption available under a symmetric key. \n{0}", _Indent); // The symmetric key is then in turn split using Shamir secret _Output.Write ("The symmetric key is then in turn split using Shamir secret\n{0}", _Indent); // sharing using an n of m threshold scheme. _Output.Write ("sharing using an n of m threshold scheme.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The OfflineEscrowEntry identifier is a UDF fingerprint of the symmetric _Output.Write ("The OfflineEscrowEntry identifier is a UDF fingerprint of the symmetric\n{0}", _Indent); // key used to encrypt the data. This guarantees that a party that has the _Output.Write ("key used to encrypt the data. This guarantees that a party that has the\n{0}", _Indent); // decryption key has the ability to locate the corresponding Escrow _Output.Write ("decryption key has the ability to locate the corresponding Escrow\n{0}", _Indent); // entry. _Output.Write ("entry.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The OfflineEscrowEntry is published using the usual Publish _Output.Write ("The OfflineEscrowEntry is published using the usual Publish\n{0}", _Indent); // transaction: _Output.Write ("transaction:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelEscrow); Point = Example.Traces.Get (Example.LabelEscrow); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // The response indicates success or failure: _Output.Write ("The response indicates success or failure:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Recovering a profile _Output.Write ("##Recovering a profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To recover a profile, the user MUST supply the necessary number of _Output.Write ("To recover a profile, the user MUST supply the necessary number of \n{0}", _Indent); // secret shares. These are then used to calculate the UDF fingerprint _Output.Write ("secret shares. These are then used to calculate the UDF fingerprint\n{0}", _Indent); // to use as the locator in a Get transaction: _Output.Write ("to use as the locator in a Get transaction:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Point = Example.Traces.Get (Example.LabelRecover); Point = Example.Traces.Get (Example.LabelRecover); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // _Output.Write ("\n{0}", _Indent); // If the transaction succeeds, GetResponse is returned with the _Output.Write ("If the transaction succeeds, GetResponse is returned with the \n{0}", _Indent); // requested data. _Output.Write ("requested data.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // _Output.Write ("\n{0}", _Indent); // The client can now decrypt the OfflineEscrowEntry to recover the _Output.Write ("The client can now decrypt the OfflineEscrowEntry to recover the \n{0}", _Indent); // private key(s). _Output.Write ("private key(s).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #end method }
// // #method MeshExamplesWeb CreateExamples Example // // MeshExamplesWeb // public void MeshExamplesWeb (CreateExamples Example) { // _Output.Write ("\n{0}", _Indent); // ##Password Management _Output.Write ("#Password Management\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice decides to use the Mesh to manage her Web usernames and passwords. _Output.Write ("Alice decides to use the Mesh to manage her Web usernames and passwords.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // She creates two accounts: _Output.Write ("She creates two accounts:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * example.com: username 'alice', password 'secret' _Output.Write ("* example.com: username 'alice', password 'secret'\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * cnn.com: username 'alice1', password 'secret' _Output.Write ("* cnn.com: username 'alice1', password 'secret'\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The JSON encoding of the password data is as follows: _Output.Write ("The JSON encoding of the password data is as follows:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Example.PasswordProfilePrivate1} _Output.Write ("{1}\n{0}", _Indent, Example.PasswordProfilePrivate1); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The JSON encoded password data is then encrypted and stored in an _Output.Write ("The JSON encoded password data is then encrypted and stored in an\n{0}", _Indent); // application profile as follows: _Output.Write ("application profile as follows:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Example.PasswordProfile} _Output.Write ("{1}\n{0}", _Indent, Example.PasswordProfile); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // As we saw earlier, Alice really needs to start using stronger passwords. _Output.Write ("As we saw earlier, Alice really needs to start using stronger passwords. \n{0}", _Indent); // Fortunately, having access to a password manager means that Alice doesn't _Output.Write ("Fortunately, having access to a password manager means that Alice doesn't\n{0}", _Indent); // need to remember different passwords for every site she uses any more. _Output.Write ("need to remember different passwords for every site she uses any more.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // In addition to offering to use the Mesh to remember passwords, a Web _Output.Write ("In addition to offering to use the Mesh to remember passwords, a Web\n{0}", _Indent); // browser can offer to automatically generate a password for a site. _Output.Write ("browser can offer to automatically generate a password for a site.\n{0}", _Indent); // This can be a much stronger password than the user would normally want _Output.Write ("This can be a much stronger password than the user would normally want\n{0}", _Indent); // to choose if they had to remember it. _Output.Write ("to choose if they had to remember it.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice chooses to use password generation. Her password manager profile is _Output.Write ("Alice chooses to use password generation. Her password manager profile is\n{0}", _Indent); // updated to reflect this new choice. _Output.Write ("updated to reflect this new choice.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Example.PasswordProfilePrivate2} _Output.Write ("{1}\n{0}", _Indent, Example.PasswordProfilePrivate2); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice is happy to use the password manager for her general Web sites but _Output.Write ("Alice is happy to use the password manager for her general Web sites but\n{0}", _Indent); // not for the password she uses to log in to her bank account. When asked _Output.Write ("not for the password she uses to log in to her bank account. When asked\n{0}", _Indent); // if the password should be stored in the Mesh, Alice declines and asks _Output.Write ("if the password should be stored in the Mesh, Alice declines and asks \n{0}", _Indent); // not to be asked in the future. _Output.Write ("not to be asked in the future.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Example.PasswordProfilePrivate3} _Output.Write ("{1}\n{0}", _Indent, Example.PasswordProfilePrivate3); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #end method }
static void Main(string[] args) { var Class = new CreateExamples(); Class.Go(args[0], args[1]); }
// #method RecryptExamplesWebOLD CreateExamples Example // // RecryptExamplesWebOLD // public void RecryptExamplesWebOLD (CreateExamples Example) { // _Output.Write ("\n{0}", _Indent); // ##Protocol Overview _Output.Write ("#Protocol Overview\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Here we put a description of the basic protocol _Output.Write ("Here we put a description of the basic protocol \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Connection Establishment _Output.Write ("##Connection Establishment\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // This part of the specification should be separated into a generic _Output.Write ("This part of the specification should be separated into a generic \n{0}", _Indent); // building block for reuse in other protocols. _Output.Write ("building block for reuse in other protocols.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The service discovery mechanism described in _Output.Write ("The service discovery mechanism described in \n{0}", _Indent); // [!draft-hallambaker-json-web-service-02] is used. _Output.Write ("[!draft-hallambaker-json-web-service-02] is used.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Hello transaction MAY be used to determine specific _Output.Write ("The Hello transaction MAY be used to determine specific \n{0}", _Indent); // features of the particular Web Service. _Output.Write ("features of the particular Web Service.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The client request is: _Output.Write ("The client request is:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% var Point = Example.Traces.Get (Example.LabelHello); var Point = Example.Traces.Get (Example.LabelHello); // #% Example.Traces.Level = 0; Example.Traces.Level = 0; // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Point.Messages[0].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[0].String()); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The service responds with a description of the service. This _Output.Write ("The service responds with a description of the service. This \n{0}", _Indent); // description MUST specify at least one supported protocol _Output.Write ("description MUST specify at least one supported protocol\n{0}", _Indent); // version. _Output.Write ("version.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A typical client response is: _Output.Write ("A typical client response is:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // #{Point.Messages[1].String()} _Output.Write ("{1}\n{0}", _Indent, Point.Messages[1].String()); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // All versions of the protocol SHALL support the Hello transaction. _Output.Write ("All versions of the protocol SHALL support the Hello transaction.\n{0}", _Indent); // A service MUST support the use of JSON encoding for the _Output.Write ("A service MUST support the use of JSON encoding for the \n{0}", _Indent); // Hello transaction regardless of version. _Output.Write ("Hello transaction regardless of version. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The set of encodings supportted by a protocol version is _Output.Write ("The set of encodings supportted by a protocol version is \n{0}", _Indent); // specified in the Encodings field. The encodings field MAY _Output.Write ("specified in the Encodings field. The encodings field MAY \n{0}", _Indent); // be omitted if only JSON is supported. _Output.Write ("be omitted if only JSON is supported.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A service SHOULD support at least one protocol version with _Output.Write ("A service SHOULD support at least one protocol version with \n{0}", _Indent); // JSON encoding. _Output.Write ("JSON encoding.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #% Example.Traces.Level = 5; Example.Traces.Level = 5; // [Note that for the sake of concise presentation, the HTTP binding _Output.Write ("[Note that for the sake of concise presentation, the HTTP binding\n{0}", _Indent); // information is omitted from future examples.] _Output.Write ("information is omitted from future examples.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #end method }
// // // #method RecryptExamplesWeb CreateExamples Example // // RecryptExamplesWeb // public void RecryptExamplesWeb (CreateExamples Example) { // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ##Mesh/Recrypt _Output.Write ("#Mesh/Recrypt \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Mesh/Recrypt is a messaging infrastructure built on the Mathematical _Output.Write ("Mesh/Recrypt is a messaging infrastructure built on the Mathematical \n{0}", _Indent); // Mesh infrastructure that supports end-to-end encryption with: _Output.Write ("Mesh infrastructure that supports end-to-end encryption with:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Confidential Document Control _Output.Write ("* Confidential Document Control\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Asynchronous messaging (e.g. mail, mailing lists) _Output.Write ("* Asynchronous messaging (e.g. mail, mailing lists)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Synchronous messaging (e.g. chat, voice, video) _Output.Write ("* Synchronous messaging (e.g. chat, voice, video)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Mesh/Recrypt builds on the same suite of existing Internet standards _Output.Write ("Mesh/Recrypt builds on the same suite of existing Internet standards \n{0}", _Indent); // and specifications as the Mathematical Mesh. These include: _Output.Write ("and specifications as the Mathematical Mesh. These include:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * All messages and data structures are encoded using either JSON _Output.Write ("* All messages and data structures are encoded using either JSON \n{0}", _Indent); // encoding or the extended JSON-C encoding that offers efficient binary _Output.Write ("encoding or the extended JSON-C encoding that offers efficient binary\n{0}", _Indent); // encoding and compression of field tags and strings. _Output.Write ("encoding and compression of field tags and strings.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * All services are implemented as Web Services using HTTP transport and _Output.Write ("* All services are implemented as Web Services using HTTP transport and\n{0}", _Indent); // TLS for transport layer security. _Output.Write ("TLS for transport layer security.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Message layer security is provided using JOSE signature and _Output.Write ("* Message layer security is provided using JOSE signature and \n{0}", _Indent); // Encryption. _Output.Write ("Encryption.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Uniform Data Fingerprints are used to identify public keys _Output.Write ("* Uniform Data Fingerprints are used to identify public keys\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Use of DNS SRV records for Web Service discovery _Output.Write ("* Use of DNS SRV records for Web Service discovery\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Use of the .well-known convention to specify the Web Service _Output.Write ("* Use of the .well-known convention to specify the Web Service \n{0}", _Indent); // endpoint. _Output.Write ("endpoint.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // One significant limitation in the current implementation is that it _Output.Write ("One significant limitation in the current implementation is that it \n{0}", _Indent); // uses traditional Diffie Hellman key exchange in a finite field rather _Output.Write ("uses traditional Diffie Hellman key exchange in a finite field rather\n{0}", _Indent); // than the newly defined CFRG elliptic curve algorithms. This is due to _Output.Write ("than the newly defined CFRG elliptic curve algorithms. This is due to\n{0}", _Indent); // the version of the development environment having not caught up with _Output.Write ("the version of the development environment having not caught up with \n{0}", _Indent); // the development of the new standards yet. _Output.Write ("the development of the new standards yet.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // For clarity, the use of the command line tool 'recrypt' is shown. For _Output.Write ("For clarity, the use of the command line tool 'recrypt' is shown. For\n{0}", _Indent); // most production use, a GUI interface or integration of the recryption _Output.Write ("most production use, a GUI interface or integration of the recryption\n{0}", _Indent); // functions into the document editing and/or viewing tools would be _Output.Write ("functions into the document editing and/or viewing tools would be \n{0}", _Indent); // preferred. _Output.Write ("preferred.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #### Scenario _Output.Write ("## Scenario\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Since Confidential Document Control is the application that is not _Output.Write (" Since Confidential Document Control is the application that is not \n{0}", _Indent); // currently supported by existing open standards, we present this as _Output.Write (" currently supported by existing open standards, we present this as \n{0}", _Indent); // the example use case. The extension of the approach to other _Output.Write (" the example use case. The extension of the approach to other \n{0}", _Indent); // messaging modalities will be considered separately. _Output.Write (" messaging modalities will be considered separately.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // In the following examples, the named parties have the following _Output.Write (" In the following examples, the named parties have the following \n{0}", _Indent); // roles: _Output.Write (" roles:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // :Alice _Output.Write (":Alice\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ::The owner and administrator of the recryption group _Output.Write ("::The owner and administrator of the recryption group \n{0}", _Indent); // 'private#[email protected]'. She decides who is permitted to read _Output.Write (" '*****@*****.**'. She decides who is permitted to read \n{0}", _Indent); // documents that have been encrypted to this group and generates the _Output.Write (" documents that have been encrypted to this group and generates the \n{0}", _Indent); // necessary recryption keys. _Output.Write (" necessary recryption keys.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // :Bob _Output.Write (":Bob\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ::The person Alice grants read access to her controlled documents. _Output.Write ("::The person Alice grants read access to her controlled documents.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // :Service _Output.Write (":Service\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ::The service that enforces control of controlled documents. _Output.Write ("::The service that enforces control of controlled documents.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Note that the Service is only one part of the CDC infrastructure. _Output.Write ("Note that the Service is only one part of the CDC infrastructure. \n{0}", _Indent); // Alice sets policy for who is permitted access to the controlled _Output.Write ("Alice sets policy for who is permitted access to the controlled \n{0}", _Indent); // documents using the recrypt tool. The service is responsible for _Output.Write ("documents using the recrypt tool. The service is responsible for \n{0}", _Indent); // enforcement of that policy. _Output.Write ("enforcement of that policy.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Parties create a Mesh personal profile _Output.Write ("##Parties create a Mesh personal profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice creates a Mesh personal profile with a Mesh/Recrypt profile. _Output.Write ("Alice creates a Mesh personal profile with a Mesh/Recrypt profile. \n{0}", _Indent); // This can be done using a Mesh profile management tool or the recrypt _Output.Write ("This can be done using a Mesh profile management tool or the recrypt\n{0}", _Indent); // tool. The recrypt tool generates a Mesh/Recrypt profile by default: _Output.Write ("tool. The recrypt tool generates a Mesh/Recrypt profile by default:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /personal [email protected] _Output.Write ("recrypt /personal [email protected]\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Bob and Carol do likewise but using a different Mesh portal. _Output.Write ("Bob and Carol do likewise but using a different Mesh portal.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /personal [email protected] _Output.Write ("recrypt /personal [email protected]\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /personal [email protected] _Output.Write ("recrypt /personal [email protected]\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // At this point Alice, Bob and Carol have established a persistent personal PKI. _Output.Write ("At this point Alice, Bob and Carol have established a persistent personal PKI.\n{0}", _Indent); // Since it is the only profile each has established for the account they _Output.Write ("Since it is the only profile each has established for the account they \n{0}", _Indent); // are using on the computer, it is automatically registered as the default _Output.Write ("are using on the computer, it is automatically registered as the default\n{0}", _Indent); // profile for that account and does not need to be specified in future _Output.Write ("profile for that account and does not need to be specified in future \n{0}", _Indent); // commands. _Output.Write ("commands.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To simplify future examples, we assume that Alice and Bob have established _Output.Write ("To simplify future examples, we assume that Alice and Bob have established\n{0}", _Indent); // each other's profiles as trustworthy via some out of band process. _Output.Write ("each other's profiles as trustworthy via some out of band process. \n{0}", _Indent); // This might be through a direct trust model (i.e. exchange of profile _Output.Write ("This might be through a direct trust model (i.e. exchange of profile \n{0}", _Indent); // fingerprints), a brokered trust mode (e.g. a certificate issued by a CA) _Output.Write ("fingerprints), a brokered trust mode (e.g. a certificate issued by a CA)\n{0}", _Indent); // or some other mechanism to be determined. _Output.Write ("or some other mechanism to be determined.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To use the protocol, the recyption service also requires a Mesh/Recrypt _Output.Write ("To use the protocol, the recyption service also requires a Mesh/Recrypt\n{0}", _Indent); // profile containing a public key to use for encryption. For simplicity _Output.Write ("profile containing a public key to use for encryption. For simplicity \n{0}", _Indent); // we assume that this is a WebPKI certificate using an appropriate validation _Output.Write ("we assume that this is a WebPKI certificate using an appropriate validation\n{0}", _Indent); // mechanism (e.g. Extended Validation). _Output.Write ("mechanism (e.g. Extended Validation).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Alice creates a recryption group _Output.Write ("##Alice creates a recryption group\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To create a recryption group, Alice just needs to specify the name for _Output.Write ("To create a recryption group, Alice just needs to specify the name for \n{0}", _Indent); // the group. Since this is a group for Alice's personal use, and the _Output.Write ("the group. Since this is a group for Alice's personal use, and the\n{0}", _Indent); // recryption service will be managed by her Mesh portal, she chooses _Output.Write ("recryption service will be managed by her Mesh portal, she chooses \n{0}", _Indent); // the name private#[email protected]. _Output.Write ("the name [email protected].\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // [The extent to which this convention is useful and/or requires enforcement _Output.Write ("[The extent to which this convention is useful and/or requires enforcement\n{0}", _Indent); // steps to be taken by portals is not currently understood. It seems _Output.Write ("steps to be taken by portals is not currently understood. It seems\n{0}", _Indent); // like a good idea but might not be.] _Output.Write ("like a good idea but might not be.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /newgroup private#[email protected] _Output.Write ("recrypt /newgroup [email protected]\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // As with any other Mesh profile, the recryption group has both a friendly _Output.Write ("As with any other Mesh profile, the recryption group has both a friendly\n{0}", _Indent); // name and a UDF fingerprint. _Output.Write ("name and a UDF fingerprint.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The recryption group contains a master signature key and an encryption _Output.Write ("The recryption group contains a master signature key and an encryption\n{0}", _Indent); // key and is signed under the signature key: _Output.Write ("key and is signed under the signature key:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // Recrypt profile... _Output.Write ("Recrypt profile...\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The newly created recryption profile is published to both the recryption _Output.Write ("The newly created recryption profile is published to both the recryption \n{0}", _Indent); // service and the Mesh Portal. Note that even though the Mesh Portal and _Output.Write ("service and the Mesh Portal. Note that even though the Mesh Portal and \n{0}", _Indent); // Recryption Service are both provided by the same domain (example.com), _Output.Write ("Recryption Service are both provided by the same domain (example.com), \n{0}", _Indent); // these are distinct Web Services and may be hosted on separate machines. _Output.Write ("these are distinct Web Services and may be hosted on separate machines.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Since the use of a recryption group is a stored data encryption application _Output.Write ("Since the use of a recryption group is a stored data encryption application\n{0}", _Indent); // and Alice has opted to create a personal escrow key, the recrypt client _Output.Write ("and Alice has opted to create a personal escrow key, the recrypt client\n{0}", _Indent); // also _Output.Write ("also \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Alice encrypts a document _Output.Write ("##Alice encrypts a document\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice creates a text document containing the text 'this is a test' and _Output.Write ("Alice creates a text document containing the text 'this is a test' and\n{0}", _Indent); // saves it under the filename text.txt. _Output.Write ("saves it under the filename text.txt.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To encrypt the document to the recryption group, Alice specifies the _Output.Write ("To encrypt the document to the recryption group, Alice specifies the \n{0}", _Indent); // file she wishes to encrypt and the name of the group: _Output.Write ("file she wishes to encrypt and the name of the group:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /encrypt private#[email protected] test.txt _Output.Write ("recrypt /encrypt [email protected] test.txt\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The recryption client fetches the current recryption group profile from _Output.Write ("The recryption client fetches the current recryption group profile from \n{0}", _Indent); // the Mesh Portal and verifies that it meets the relevant trust criteria. _Output.Write ("the Mesh Portal and verifies that it meets the relevant trust criteria.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Since private#[email protected] is a sub-account of [email protected] _Output.Write ("Since [email protected] is a sub-account of [email protected]\n{0}", _Indent); // which Alice trusts because it is her own account. It suffices for the _Output.Write ("which Alice trusts because it is her own account. It suffices for the \n{0}", _Indent); // client to verify that Alice's current Mesh profile has an entry _Output.Write ("client to verify that Alice's current Mesh profile has an entry\n{0}", _Indent); // for the recryption group and has a valid signature. _Output.Write ("for the recryption group and has a valid signature.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Having acquired the recryption group profile, the client _Output.Write ("Having acquired the recryption group profile, the client \n{0}", _Indent); // extracts the group encryption key and uses it to create a JOSE _Output.Write ("extracts the group encryption key and uses it to create a JOSE \n{0}", _Indent); // encrypted message: _Output.Write ("encrypted message:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // TBS _Output.Write ("TBS\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The encrypted data is a wrapper that specifies the content _Output.Write ("The encrypted data is a wrapper that specifies the content \n{0}", _Indent); // metadata. _Output.Write ("metadata.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // TBS _Output.Write ("TBS\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The encrypted document is saved as test.txt.jcd (Jose Controlled Document) _Output.Write ("The encrypted document is saved as test.txt.jcd (Jose Controlled Document)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The message format has been designed to permit authenticated and _Output.Write ("The message format has been designed to permit authenticated and\n{0}", _Indent); // encrypted messages to be generated and recieved as message streams _Output.Write ("encrypted messages to be generated and recieved as message streams \n{0}", _Indent); // without the need to buffer content. A protected message consists _Output.Write ("without the need to buffer content. A protected message consists \n{0}", _Indent); // of a list containing the following items in order: _Output.Write ("of a list containing the following items in order:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Header specifying the information necessary to decrypt the _Output.Write ("* Header specifying the information necessary to decrypt the \n{0}", _Indent); // message and the authentication algorithm. _Output.Write (" message and the authentication algorithm.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * The encrypted data. _Output.Write ("* The encrypted data.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Trailer specifying the authentication value. _Output.Write ("* Trailer specifying the authentication value.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // One disadvantage of using JSON encoding in an encryption scheme _Output.Write ("One disadvantage of using JSON encoding in an encryption scheme\n{0}", _Indent); // is that the need to encode binary data as Base63 encoded strings _Output.Write ("is that the need to encode binary data as Base63 encoded strings\n{0}", _Indent); // incurs a 33% inflation penalty on each pass. For this reason, _Output.Write ("incurs a 33% inflation penalty on each pass. For this reason, \n{0}", _Indent); // Mesh/Recrypt applications are required to accept (but not generate) _Output.Write ("Mesh/Recrypt applications are required to accept (but not generate)\n{0}", _Indent); // the JSON-B and JSON-C encodings which permit binary data to be _Output.Write ("the JSON-B and JSON-C encodings which permit binary data to be \n{0}", _Indent); // encoded directly. _Output.Write ("encoded directly.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Alice adds Bob and Carol to the recryption group _Output.Write ("##Alice adds Bob and Carol to the recryption group\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice adds Bob and Carol to the recryption tool by specifying their _Output.Write ("Alice adds Bob and Carol to the recryption tool by specifying their\n{0}", _Indent); // profile identifiers: _Output.Write ("profile identifiers:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt add private#[email protected] [email protected] _Output.Write ("recrypt add [email protected] [email protected]\n{0}", _Indent); // recrypt add private#[email protected] [email protected] _Output.Write ("recrypt add [email protected] [email protected]\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~ \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To add each user the client: _Output.Write ("To add each user the client:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Acquires and validates the user's Mesh profile _Output.Write ("* Acquires and validates the user's Mesh profile\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Obtains the private key for the recryption group _Output.Write ("* Obtains the private key for the recryption group \n{0}", _Indent); // (stored on the machine). _Output.Write ("(stored on the machine).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Creates a recryption entry as described earlier. _Output.Write ("* Creates a recryption entry as described earlier.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Encrypts recryption entry under the encryption key of the _Output.Write ("* Encrypts recryption entry under the encryption key of the\n{0}", _Indent); // recryption service. _Output.Write ("recryption service.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Publishes the encrypted recryption entry to the service _Output.Write ("* Publishes the encrypted recryption entry to the service \n{0}", _Indent); // using a secure channel (HTTPS to the Server WebPKI certificate). _Output.Write ("using a secure channel (HTTPS to the Server WebPKI certificate).\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The encrypted recryption entry is: _Output.Write ("The encrypted recryption entry is:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // TBS _Output.Write ("TBS\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The encrypted content within the recryption entry is: _Output.Write ("The encrypted content within the recryption entry is:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // TBS _Output.Write ("TBS\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Bob decrypts a document _Output.Write ("##Bob decrypts a document\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Alice sends the encrypted controlled document to Bob by whichever _Output.Write ("Alice sends the encrypted controlled document to Bob by whichever \n{0}", _Indent); // means is most convenient. Alice might send the document to Bob by email, _Output.Write ("means is most convenient. Alice might send the document to Bob by email, \n{0}", _Indent); // hand him a USB thumdrive or just save the document to an enterprise file _Output.Write ("hand him a USB thumdrive or just save the document to an enterprise file \n{0}", _Indent); // server that Bob has access to. _Output.Write ("server that Bob has access to.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To read the document, Bob must decrypt it. Ideally the encryption and _Output.Write ("To read the document, Bob must decrypt it. Ideally the encryption and \n{0}", _Indent); // decryption of documents would be handled transparently by the application _Output.Write ("decryption of documents would be handled transparently by the application\n{0}", _Indent); // and/or platform. Instead Bob uses the recrypt tool: _Output.Write ("and/or platform. Instead Bob uses the recrypt tool:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // recrypt /decrypt test.txt.jcd _Output.Write ("recrypt /decrypt test.txt.jcd\n{0}", _Indent); // ~~~~ _Output.Write ("~~~~\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To decrypt the document, the client: _Output.Write ("To decrypt the document, the client:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Reads the document header to determine that it is a recrypted document _Output.Write ("* Reads the document header to determine that it is a recrypted document\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Obtain a recryption grant from the recryption service indicated. This _Output.Write ("* Obtain a recryption grant from the recryption service indicated. This \n{0}", _Indent); // is encrypted under Bob's encryption key. _Output.Write ("is encrypted under Bob's encryption key.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Decrypt the recryption grant and the user portion of the recryption private key _Output.Write ("* Decrypt the recryption grant and the user portion of the recryption private key\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Combine the user and service data _Output.Write ("* Combine the user and service data\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // * Decrypt the message _Output.Write ("* Decrypt the message\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The recryption service may require Bob to authenticate before the recryption _Output.Write ("The recryption service may require Bob to authenticate before the recryption \n{0}", _Indent); // grant is provided. This prevents denial of service attacks on the service _Output.Write ("grant is provided. This prevents denial of service attacks on the service \n{0}", _Indent); // and allows the service to enforce quotas and/or accountability controls. _Output.Write ("and allows the service to enforce quotas and/or accountability controls.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Bob uses multiple devices _Output.Write ("##Bob uses multiple devices\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Recryption may be used to support multiple devices in more than one way. _Output.Write ("Recryption may be used to support multiple devices in more than one way.\n{0}", _Indent); // The approach that is most appropriate depends on the precise use scenario. _Output.Write ("The approach that is most appropriate depends on the precise use scenario.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The simplest method of supporting multiple devices is for Alice to create _Output.Write ("The simplest method of supporting multiple devices is for Alice to create \n{0}", _Indent); // multiple recryption entries for Bob, one for each of his authorized devices. _Output.Write ("multiple recryption entries for Bob, one for each of his authorized devices.\n{0}", _Indent); // Alice might prefer this approach despite the additional work for her _Output.Write ("Alice might prefer this approach despite the additional work for her \n{0}", _Indent); // because it allows her to decide which of Bob's devices are authorized to _Output.Write ("because it allows her to decide which of Bob's devices are authorized to \n{0}", _Indent); // read the documents she controls. The chief limitation of this approach is _Output.Write ("read the documents she controls. The chief limitation of this approach is\n{0}", _Indent); // that Bob must obtain Alice's approval to add or remove devices. _Output.Write ("that Bob must obtain Alice's approval to add or remove devices.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // In a more sophisticated approach, Bob administers his own recryption group _Output.Write ("In a more sophisticated approach, Bob administers his own recryption group\n{0}", _Indent); // and creates recryption keys for each device that is not to be an administrator _Output.Write ("and creates recryption keys for each device that is not to be an administrator\n{0}", _Indent); // device for the group. These are called standard devices. _Output.Write ("device for the group. These are called standard devices.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // To read Alice's document on a standard device, the device must first obtain _Output.Write ("To read Alice's document on a standard device, the device must first obtain\n{0}", _Indent); // the recryption key from Alice's recryption service as before, then contact _Output.Write ("the recryption key from Alice's recryption service as before, then contact \n{0}", _Indent); // Bob's recryption service to decrypt the recryption grant. _Output.Write ("Bob's recryption service to decrypt the recryption grant.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // [It is not clear at this stage how much data this leaks to the client and _Output.Write ("[It is not clear at this stage how much data this leaks to the client and \n{0}", _Indent); // to what extent Bob is trusting the recryption service to enforce policy. Each _Output.Write ("to what extent Bob is trusting the recryption service to enforce policy. Each \n{0}", _Indent); // ordinary device gains access to Bob's decryption key for the group. Instead of _Output.Write ("ordinary device gains access to Bob's decryption key for the group. Instead of\n{0}", _Indent); // using recryption to control access to the document itself, this approach uses _Output.Write ("using recryption to control access to the document itself, this approach uses \n{0}", _Indent); // recryption to control access to the recryption grant used to unlock the _Output.Write ("recryption to control access to the recryption grant used to unlock the \n{0}", _Indent); // document.] _Output.Write ("document.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // [For the most sensitive documents, Bob can reduce the degree of trust in _Output.Write ("[For the most sensitive documents, Bob can reduce the degree of trust in\n{0}", _Indent); // the recryption service by obtaining his recryption private user key for a _Output.Write ("the recryption service by obtaining his recryption private user key for a \n{0}", _Indent); // group and creating a recryption keyset for that device. The principal _Output.Write ("group and creating a recryption keyset for that device. The principal \n{0}", _Indent); // disadvantage of this approach is that this requires Alice and Bob to perform _Output.Write ("disadvantage of this approach is that this requires Alice and Bob to perform\n{0}", _Indent); // an administration operation when the group is created and each time the _Output.Write ("an administration operation when the group is created and each time the \n{0}", _Indent); // keys are changed. Another disadvantage is that if Bob has ten devices _Output.Write ("keys are changed. Another disadvantage is that if Bob has ten devices \n{0}", _Indent); // and is a member of a hundred recryption groups, he will need to administer _Output.Write ("and is a member of a hundred recryption groups, he will need to administer\n{0}", _Indent); // a thousand individual recryption entries.] _Output.Write ("a thousand individual recryption entries.]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Alice revokes Carol’s group membership _Output.Write ("##Alice revokes Carol’s group membership\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // At minimum, revoking Carol read access to the group requires the client _Output.Write ("At minimum, revoking Carol read access to the group requires the client \n{0}", _Indent); // to inform the recryption service that the entry for Carol should be deleted. _Output.Write ("to inform the recryption service that the entry for Carol should be deleted.\n{0}", _Indent); // Relying on the recryption service to enforce the policy change requires _Output.Write ("Relying on the recryption service to enforce the policy change requires\n{0}", _Indent); // the service to be trusted which may or may not be acceptable. _Output.Write ("the service to be trusted which may or may not be acceptable.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // If the confidential data being controlled is particularly sensitive, Alice _Output.Write ("If the confidential data being controlled is particularly sensitive, Alice\n{0}", _Indent); // can block access to any new material encrypted under the group with a _Output.Write ("can block access to any new material encrypted under the group with a \n{0}", _Indent); // rollover of the group key and set of recryption keys. A client might _Output.Write ("rollover of the group key and set of recryption keys. A client might\n{0}", _Indent); // perform such a key rollover by default if the number of entries in the _Output.Write ("perform such a key rollover by default if the number of entries in the\n{0}", _Indent); // group is small. _Output.Write ("group is small. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Bob loses a device _Output.Write ("##Bob loses a device\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The loss of a device requires Bob to perform the same tasks as Alice did _Output.Write ("The loss of a device requires Bob to perform the same tasks as Alice did\n{0}", _Indent); // to remove Carol from the recryption group. _Output.Write ("to remove Carol from the recryption group.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####Bob visits a hostile environment _Output.Write ("##Bob visits a hostile environment\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // If Bob knows that he is going to be visiting an environment where his device _Output.Write ("If Bob knows that he is going to be visiting an environment where his device\n{0}", _Indent); // may be searched by agents who may coerce him to reveal any decryption keys, _Output.Write ("may be searched by agents who may coerce him to reveal any decryption keys, \n{0}", _Indent); // he may avoid disclosure of confidential material by removing the device from _Output.Write ("he may avoid disclosure of confidential material by removing the device from \n{0}", _Indent); // the recryption group and deleting all the unencrypted confidential from it. _Output.Write ("the recryption group and deleting all the unencrypted confidential from it.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Bob access to the confidential material may be quickly restored through _Output.Write ("Bob access to the confidential material may be quickly restored through\n{0}", _Indent); // the introduction of a trusted third party. Before leaving, Bob creates _Output.Write ("the introduction of a trusted third party. Before leaving, Bob creates \n{0}", _Indent); // a recryption entry, and encrypts it under an encryption key unique to _Output.Write ("a recryption entry, and encrypts it under an encryption key unique to \n{0}", _Indent); // the device he is to use. This information is sent to the trusted third _Output.Write ("the device he is to use. This information is sent to the trusted third \n{0}", _Indent); // party via a secure channel. To regain access to the material, Bob must _Output.Write ("party via a secure channel. To regain access to the material, Bob must\n{0}", _Indent); // convince the trusted third party that he is safe and not in a situation _Output.Write ("convince the trusted third party that he is safe and not in a situation \n{0}", _Indent); // he is subject to coertion. _Output.Write ("he is subject to coertion.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #end method }
static void Main(string[] args) { var Program = new CreateExamples(); Program.Go(); }
// // // #method UDFExamplesWeb CreateExamples Example // // UDFExamplesWeb // public void UDFExamplesWeb (CreateExamples Example) { // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ####V5 Fingerprint calculation and presentation _Output.Write ("##V5 Fingerprint calculation and presentation\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A V5 fingerprint value is a sequence of bits that provides a sufficiently _Output.Write ("A V5 fingerprint value is a sequence of bits that provides a sufficiently \n{0}", _Indent); // unique identifier for a public key. In addition to generating and accepting _Output.Write ("unique identifier for a public key. In addition to generating and accepting \n{0}", _Indent); // the text string presentation used in earlier versions of OpenPGP applications _Output.Write ("the text string presentation used in earlier versions of OpenPGP applications\n{0}", _Indent); // MAY support such additional presentation formats as are found to be useful. _Output.Write ("MAY support such additional presentation formats as are found to be useful.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint _Output.Write ("Conforming V5 OpenPGP implementations MUST support the V5 Fingerprint\n{0}", _Indent); // text presentation format for display and entry of fingerprint values. _Output.Write ("text presentation format for display and entry of fingerprint values.\n{0}", _Indent); // Support for all other fingerprint values is optional. _Output.Write ("Support for all other fingerprint values is optional.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######V5 Fingerprint value calculation _Output.Write ("###V5 Fingerprint value calculation\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The OpenPGP V5 fingerprint value is calculated as follows _Output.Write ("The OpenPGP V5 fingerprint value is calculated as follows\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Fingerprint = <Version-ID> + H (<Content-ID> + ‘:’ + H(<data>)) _Output.Write ("Fingerprint = <Version-ID> + H (<Content-ID> + ‘:’ + H(<data>))\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Where: _Output.Write ("Where:\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Version-ID = 0x60 _Output.Write ("Version-ID = 0x60\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Content-ID = "application/pgp-v5-key" _Output.Write ("Content-ID = \"application/pgp-v5-key\" \n{0}", _Indent); // <<MIME Content-Type string TBS by IANA>> _Output.Write (" <<MIME Content-Type string TBS by IANA>>\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // H(x) = SHA-2-512(x) _Output.Write ("H(x) = SHA-2-512(x)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // <data> = <pgp-v5-key> _Output.Write ("<data> = <pgp-v5-key>\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // <pgp-v5-key> = _Output.Write ("<pgp-v5-key> = \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // a.1) 0x99 (1 octet) _Output.Write ("a.1) 0x99 (1 octet)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // a.2) high-order length octet of (b)-(d) (1 octet) _Output.Write ("a.2) high-order length octet of (b)-(d) (1 octet)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // a.3) low-order length octet of (b)-(d) (1 octet) _Output.Write ("a.3) low-order length octet of (b)-(d) (1 octet)\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // b) version number = 5 (1 octet); _Output.Write ("b) version number = 5 (1 octet);\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // c) algorithm (1 octet): 17 = DSA (example); _Output.Write ("c) algorithm (1 octet): 17 = DSA (example);\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // d) Algorithm-specific fields. _Output.Write ("d) Algorithm-specific fields.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The value of Version-ID is intentionally chosen so that _Output.Write ("The value of Version-ID is intentionally chosen so that\n{0}", _Indent); // the first character of every V5 fingerprint in the text presentation _Output.Write ("the first character of every V5 fingerprint in the text presentation \n{0}", _Indent); // format is 'M', a character that is guaranteed not to appear in a V4 _Output.Write ("format is 'M', a character that is guaranteed not to appear in a V4 \n{0}", _Indent); // or earlier fingerprint format where hexadecimal values were used. _Output.Write ("or earlier fingerprint format where hexadecimal values were used.\n{0}", _Indent); // Thus ensuring that V5 fingerprints are not accidentally confused. _Output.Write ("Thus ensuring that V5 fingerprints are not accidentally confused.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The construction of the data sequence over which the hash value _Output.Write ("The construction of the data sequence over which the hash value \n{0}", _Indent); // is calculated follows the construction used in V4 with the omission _Output.Write ("is calculated follows the construction used in V4 with the omission\n{0}", _Indent); // of the key creation timestamp field. This ensures that a given set _Output.Write ("of the key creation timestamp field. This ensures that a given set \n{0}", _Indent); // of public key parameters has exactly one V5 fingerprint value. _Output.Write ("of public key parameters has exactly one V5 fingerprint value.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Content-ID is a MIME content type identifier that indicates that _Output.Write ("The Content-ID is a MIME content type identifier that indicates that\n{0}", _Indent); // fingerprint value is of data in the pgp-v5-key format specified _Output.Write ("fingerprint value is of data in the pgp-v5-key format specified \n{0}", _Indent); // above and is intended for use with an OpenPGP application. _Output.Write ("above and is intended for use with an OpenPGP application. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // If a fingerprint value is to be calculated for a public key value _Output.Write ("If a fingerprint value is to be calculated for a public key value \n{0}", _Indent); // specified in a different format (e.g. a PKIX certificate or key) _Output.Write ("specified in a different format (e.g. a PKIX certificate or key)\n{0}", _Indent); // or for a future version of OpenPGP with a different <data> format, _Output.Write ("or for a future version of OpenPGP with a different <data> format,\n{0}", _Indent); // a different Content-ID value MUST be used. _Output.Write ("a different Content-ID value MUST be used.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ######V5 Fingerprint Text Presentation. _Output.Write ("###V5 Fingerprint Text Presentation.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The Binary Fingerprint Value is truncated to an integer multiple _Output.Write ("The Binary Fingerprint Value is truncated to an integer multiple \n{0}", _Indent); // of 25 bits regardless of the intended output presentation. _Output.Write ("of 25 bits regardless of the intended output presentation. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // The output of the hash function is truncated to a sequence of n bits _Output.Write ("The output of the hash function is truncated to a sequence of n bits \n{0}", _Indent); // by first selecting the first n/8 bytes of the output function. If n _Output.Write ("by first selecting the first n/8 bytes of the output function. If n \n{0}", _Indent); // is an integer multiple of 8, no additional bits are required and _Output.Write ("is an integer multiple of 8, no additional bits are required and \n{0}", _Indent); // this is the result. Otherwise the remaining bits are taken from the _Output.Write ("this is the result. Otherwise the remaining bits are taken from the \n{0}", _Indent); // most significant bits of the next byte and any unused bits set to 0. _Output.Write ("most significant bits of the next byte and any unused bits set to 0.\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // For example, to truncate the byte sequence [a0, b1, c2, d3, e4] to _Output.Write ("For example, to truncate the byte sequence [a0, b1, c2, d3, e4] to \n{0}", _Indent); // 25 bits. 25/8 = 3 bytes with 1 bit remaining, the first three bytes _Output.Write ("25 bits. 25/8 = 3 bytes with 1 bit remaining, the first three bytes \n{0}", _Indent); // of the truncated sequence is [a0, b1, c2] and the final byte is _Output.Write ("of the truncated sequence is [a0, b1, c2] and the final byte is \n{0}", _Indent); // e4 AND 80 = 80 which we add to the previous result to obtain the _Output.Write ("e4 AND 80 = 80 which we add to the previous result to obtain the \n{0}", _Indent); // final truncated sequence of [a0, b1, c2, 80] _Output.Write ("final truncated sequence of [a0, b1, c2, 80]\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // A modified version of Base32 [!RFC4648] encoding is used to present _Output.Write ("A modified version of Base32 [!RFC4648] encoding is used to present \n{0}", _Indent); // the fingerprint in text form grouping the output text into groups of _Output.Write ("the fingerprint in text form grouping the output text into groups of \n{0}", _Indent); // five characters separated by a dash ‘-‘. _Output.Write ("five characters separated by a dash ‘-‘. \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // ## IANA Requirements _Output.Write ("# IANA Requirements\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // Register a new content type for application/pgp-v5-key _Output.Write ("Register a new content type for application/pgp-v5-key \n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // _Output.Write ("\n{0}", _Indent); // #end method }