|
@@ -5,7 +5,7 @@
|
|
|
Impact: None
|
|
|
Author: Herman Schoenfeld <[email protected]>
|
|
|
Comments-URI: https://discord.gg/sJqcgtD (channel #pip-0027)
|
|
|
- Status: Draft
|
|
|
+ Status: Proposed
|
|
|
Created: 2019-02-11
|
|
|
</pre>
|
|
|
|
|
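Review bot: The Status line moves from Draft to Proposed while the document, as it stands after this commit, still has a "#### Validation Rules" heading with no body and a "## Reference Implementation" section that reads only "WIP". Either fill in those sections before promoting the status, or say in the commit message why Proposed does not require them.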
@@ -65,15 +65,25 @@ An Extended PASA is defined by the below EBNF grammar:
|
|
|
| PasswordEncPayload | A payload which is AES256 encrypted using the specified password |
|
|
|
| Payload | The actual payload data, specified it an well-defined encoding |
|
|
|
| PayloadChecksum | An UINT16 specified by two hexbytes (4 hexdigits) that denotes a checksum of payload, used to ensure payload consistency (prevents typo/copy-paste errors) |
|
|
|
-| Password | The password used in PasswordEndPayload. Must be specified as a safe ANSI string (chars 32..126) |
|
|
|
+| Password | The password used in PasswordEndPayload. Must be specified as a SafeAnsiString (chars 32..126) |
|
|
|
+| SafeAnsiString | An ANSI string involvolving subset characters 32..126 |
|
|
|
| Base58String | A Base58-encoded string. This is used for specifying public keys, and hashes of public keys |
|
|
|
| HexString | A hexadecimal-encoded string prefixed with a 0x. Every byte specified by two hexdigits, lower-case |
|
|
|
|
|
|
+
|
|
|
+**NOTES**:
|
|
|
+ * Text payload and passwords are restricted to ANSI charset subset range 32..126
|
|
|
+ * The following characters **\\**, **"**, and **}** must be escaped in ASCII payloads/AES passwords via preceding **\\**
|
|
|
+
|
|
|
#### Validation Rules
|
|
|
|
|
|
#### PASA Checksum
|
|
|
|
|
|
-TODO: add existing PASA checksum rule
|
|
|
+Layer-1 account checkum must be the following number:
|
|
|
+
|
|
|
+```
|
|
|
+ Checksum = ((PASA*101) MOD 89) + 10
|
|
|
+```
|
|
|
|
|
|
#### Payload Checksum
|
|
|
|
|
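Review bot: The rewritten Password row still refers to "PasswordEndPayload", but the rule it points at is defined a few rows above as "PasswordEncPayload". Since this line is being touched anyway, correct the name so the grammar table is self-consistent. In the same hunk, "involvolving" in the SafeAnsiString row and "checkum" in the PASA Checksum text are typos. The NOTES also use both "ANSI charset" and "ASCII payloads" for the same 32..126 range, so pick one term, preferably the new SafeAnsiString. In `Checksum = ((PASA*101) MOD 89) + 10` the symbol PASA has to mean the account number alone (the part before the dash), whereas elsewhere PASA names the whole address. Naming it AccountNumber would remove that ambiguity, as would stating that the result is always a two-digit value in 10..98. The examples used on this page (123456-77, 77-44, 999-72) do satisfy the formula under that reading.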
@@ -95,55 +105,108 @@ In order to avoid data entry errors, the payload portion is **optionally** check
|
|
|
|
|
|
#### Payload Lengths
|
|
|
|
|
|
-The following validation rules must be applied to Payload lends
|
|
|
-
|
|
|
-- For public unecrypted ASCII payloads the string length must be less than or equal to 255
|
|
|
-- For ECIES encrypted ASCII payloads the string length must be less than or equal to ???
|
|
|
-- For AES encrypted ASCII payloads the string length must be less than or equal to ???
|
|
|
-- For public unecrypted Hexadecimal or Base58 payloads the string length must be less than or equal to 510
|
|
|
-- For ECIES encrypted Hexadecimal or Base58 payloads the string length must be less than or equal to ???
|
|
|
-- For AES encrypted Hexadecimal or Base58 payloads the string length must be less than or equal to ???
|
|
|
-
|
|
|
+The following validation rules must be applied to Payload lengths
|
|
|
+
|
|
|
+| Payload Type | Encryption Mode | Byte-form Length | E-PASA string-form length |
|
|
|
+| :------------------- | :--------------- | :------------------ | :------------------------- |
|
|
|
+| ASCII | None (Public) | 255 | 255 |
|
|
|
+| ASCII | ECIES | 144 | 144 |
|
|
|
+| ASCII | AES | 223 | 223 |
|
|
|
+| Hexadecimal | None (Public) | 255 | 510+2 |
|
|
|
+| Hexadecimal | ECIES | 144 | 288+2 |
|
|
|
+| Hexadecimal | AES | 223 | 446+2 |
|
|
|
+| Base58 | None (Public) | 255 | 348 |
|
|
|
+| Base58 | ECIES | 144 | 196 |
|
|
|
+| Base58 | AES | 223 | 304 |
|
|
|
+
|
|
|
+**NOTE:** +2 accounts for "0x" prefix for hexadecimal strings
|
|
|
+
|
|
|
## E-PASA Examples
|
|
|
|
|
|
### With ASCII payloads
|
|
|
|
|
|
-| Rule | Explanation |
|
|
|
-| :---------------------------------------- | :-------------------------------------------------------------------------------------------------------------- |
|
|
|
-| 123456-77 | Backwards compatible to PASA 123456-77 This is a layer-2 address, fully backwards compatible as Layer-1 address |
|
|
|
-| 123456-77["Hello World!"] | Public ASCII payload "Hello World!", no checksum protection |
|
|
|
-| 123456-77["Hello World!"]:10cb | Same but checksum protected |
|
|
|
-| 123456-77("Hello World!"):7ba2 | ECIES encrypted payload using **recipient's public key** and checksum protected |
|
|
|
-| 123456-77<"Hello World!">:b51f | ECIES encrypted payload using **senders public key** and checksum protected |
|
|
|
-| 123456-77{"Hello World!":!43lp|-d|a%@#!} | AES256 encrypted payload using password **!43lp|-d|a%@#!** |
|
|
|
-| 123456-77{"Hello World!":\\\\\\"\\}}:24bc | AES256 encrypted payload using password **\\"}** and checksum protected (note escaping of reserved chars) |
|
|
|
-
|
|
|
-**NOTE**: Text payload and passwords are restricted to ANSI charset subset 32..126;
|
|
|
-
|
|
|
-**NOTE**: The characters that need escaping in text payloads or passwords are **\\**, **"**, and **}**.
|
|
|
-
|
|
|
-### With hexadecimal payloads
|
|
|
-
|
|
|
-| Rule | Explanation |
|
|
|
-| :---------------------------------------- | :-------------------------------------------------------------------------------------------------------------- |
|
|
|
-| 77-44 | Backwards compatible to PASA 123456-77 This is a layer-2 address, fully backwards compatible as Layer-1 address |
|
|
|
-| 77-44[0x416c70686124] | Public hexadecimal payload 0x123abc, no checksum protection |
|
|
|
-| 77-44[0x416c70686124]:10cb | Same but checksum protected |
|
|
|
-| 77-44(0x416c70686124):7ba2 | ECIES encrypted payload using **recipient's public key** and checksum protected |
|
|
|
-| 77-44<0x416c70686124>:b51f | ECIES encrypted payload using Recipient key and checksum protected |
|
|
|
-| 123456-77{0x416c70686124:!43lp|-d|a%@#!} | AES256 encrypted payload using password **!43lp|-d|a%@#!** |
|
|
|
-TODO: add escaped password examples
|
|
|
-
|
|
|
-TODO: add Base58 examples
|
|
|
+<table>
|
|
|
+<thread>
|
|
|
+ <th width="350">E-PASA</th>
|
|
|
+ <th>Description</th>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+ <tr><td>123456-77</td><td>Account 123456-77 (backwards compatible)</td></tr>
|
|
|
+ <tr><td>123456-77["Hello World!"]</td><td>With public ASCII payload "Hello World!" without checksum protection</td></tr>
|
|
|
+ <tr><td>123456-77["Hello World!"]:10cb</td><td>Checksum protected</td></tr>
|
|
|
+ <tr><td>123456-77("Hello World!"):7ba2</td><td>ECIES encrypted using <b>recipients</b> public key</td></tr>
|
|
|
+ <tr><td>123456-77<"Hello World!">:b51f</td><td>ECIES encrypted using <b>senders</b> public key</td></tr>
|
|
|
+ <tr><td>123456-77{"Hello World!":!43lp|-d|a%@#!}</td><td>AES256 encrypted payload using password <b>!43lp|-d|a%@#!</b></td></tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+
|
|
|
+### With Hexadecimal payloads
|
|
|
+
|
|
|
+<table>
|
|
|
+<thread>
|
|
|
+ <th width="350">E-PASA</th>
|
|
|
+ <th>Description</th>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+ <tr><td>77-44[0x416c70686124]</td><td>Account 77-44 with unencrypted (public) hexadecimal payload <b>without</b> protection</td></tr>
|
|
|
+ <tr><td>77-44[0x416c70686124]:10cb</td><td>Checksum protected</td></tr>
|
|
|
+ <tr><td>77-44(0x416c70686124):7ba2</td><td>ECIES encrypted using <b>recipients</b> public key (and checksum protected)</td></tr>
|
|
|
+ <tr><td>77-44<0x416c70686124>:b51f</td><td>ECIES encrypted using <b>senders</b> public key (and checksum protected)</td></tr>
|
|
|
+ <tr><td>77-44{0x416c70686124:!43lp-da%@#!}</td><td>AES encrypted using password <b>!43lp-da%@#!</b></td></tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+
|
|
|
+
|
|
|
+### With Base58 payloads
|
|
|
+
|
|
|
+<table>
|
|
|
+<thread>
|
|
|
+ <th width="500">E-PASA</th>
|
|
|
+ <th>Description</th>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+ <tr><td>77-44[1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2]</td><td>Account 77-44 with unencrypted (public) Base58 payload (bitcoin address) <b>without</b> checksum protection</td></tr>
|
|
|
+ <tr><td>77-44[1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2]:10cb</td><td>Checksum protected</td></tr>
|
|
|
+ <tr><td>77-44(1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2):7ba2</td><td>ECIES encrypted using <b>recipients</b> public key</td></tr>
|
|
|
+ <tr><td>77-44<1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2>:b51f</td><td>ECIES encrypted using <b>senders</b> public key</td></tr>
|
|
|
+ <tr><td>77-44{1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2:!43lp-da%@#!}</td><td>AES encrypted using password <b>!43lp-da%@#!</b></td></tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
+
|
|
|
+
|
|
|
+### Special Cases
|
|
|
+
|
|
|
+<table>
|
|
|
+<thread>
|
|
|
+ <th width="500">E-PASA</th>
|
|
|
+ <th>Description</th>
|
|
|
+</thead>
|
|
|
+<tbody>
|
|
|
+ <tr><td>999-72["Message with all escaped chars \\\"\} here"]</td><td>Public ANSI string <b>Message with all escaped chars \"} here</b></td></tr>
|
|
|
+ <tr><td>999-72[]</td><td>Empty public payload (all zeros)</td></tr>
|
|
|
+ <tr><td>999-72[]:10cb</td><td>Empty public payload with checksum protection</td></tr>
|
|
|
+ <tr><td>999-72():7ba2</td><td>ECIES encrypted empty payload using <b>recipients</b> public key</td></tr>
|
|
|
+ <tr><td>999-72<>:b51f</td><td>ECIES encrypted empty payload using <b>senders</b> public key</td></tr>
|
|
|
+ <tr><td>999-72{:Alpha1%}</td><td>AES encrypted empty payload using password <b>Alpha1%</b></td></tr>
|
|
|
+ <tr><td>999-72{"Hello":Funny\"Pwd}</td><td>AES encrypted empty payload using escaped password <b>Funny"Pwd</b></td></tr>
|
|
|
+ <tr><td>999-72{"Hello":\\\"\}}</td><td>AES encrypted empty payload using escaped password <b>\"}</b></td></tr>
|
|
|
+</tbody>
|
|
|
+</table>
|
|
|
|
|
|
## Rationale
|
|
|
|
|
|
-The design approach was to remain backwards compatible in order to allow existing JSON API's to simply accept E-PASA addresses and which automatically fill out the payload fields.
|
|
|
+The design approach was to remain backwards compatible so that EPASA can replace "account" in existing JSON APIs. The caller need not specify Payloads anymore since the EPASA can contain the Payload.
|
|
|
+
|
|
|
|
|
|
## Backwards Compatibility
|
|
|
|
|
|
This PIP is backwards compatible and does not require a hard-fork activation, only an implementation change.
|
|
|
|
|
|
+## Acknowledgements
|
|
|
+* Ugochukwu Mmaduekwe for assistance developing payload length validation rules
|
|
|
+* Benjamin Ansbach for regular feedback, assistance and insightful suggestions
|
|
|
+* UrbanCohort for elegancy-improving suggestion
|
|
|
+
|
|
|
## Reference Implementation
|
|
|
|
|
|
WIP
|
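Review bot: All four added HTML tables open the header with `<thread>` and close it with `</thead>`, and the `<th>` cells are not wrapped in a `<tr>`. Change the opening tag to `<thead>` and add the row. The sender-key rows also put raw angle brackets inside a cell, for example `<td>123456-77<"Hello World!">:b51f</td>`, which an HTML renderer will parse as markup instead of showing the E-PASA. These need `&lt;` and `&gt;`. In Special Cases, the last two rows are described as "AES encrypted empty payload" although the payload shown is "Hello". In the Payload Lengths table the ASCII string-form length equals the byte-form length, yet the NOTES added earlier in this commit require `\`, `"` and `}` to be escaped with a preceding backslash, so the string form can be longer than the bytes it encodes. State whether the limit applies before or after unescaping, and give the rule that produces the Base58 lengths, as the "+2" note does for hexadecimal. Finally, the replaced ASCII table had an example that combined an escaped password with a payload checksum (the row ending `:24bc`), and none of the new tables cover that combination.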