diff options
| author | Magnus Feuer <mfeuer@jaguarlandrover.com> | 2015-07-21 19:07:07 -0700 |
|---|---|---|
| committer | Magnus Feuer <mfeuer@jaguarlandrover.com> | 2015-07-21 19:07:07 -0700 |
| commit | 8223c03424b1d0f757b854abb3aaf6df216b29cd (patch) | |
| tree | 4454fc4011c121b72f756c85d843e61e85755d82 /doc | |
| parent | bc968e1cb1b4a6a3e94b97b92ad2b5633f8e7533 (diff) | |
| download | rvi_core-8223c03424b1d0f757b854abb3aaf6df216b29cd.tar.gz | |
Formatting fixes in security doc
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/rvi_security.md | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/doc/rvi_security.md b/doc/rvi_security.md index 78f29ed..39d01b6 100644 --- a/doc/rvi_security.md +++ b/doc/rvi_security.md @@ -144,13 +144,13 @@ by the following command: Once executed, three files will be created: -1. ```my_root_key_priv.pem```<br> +1. <b>```my_root_key_priv.pem```</b><br> This file contains the private/public key pair that must never leave the credit issuer's trusted environment. It will be used to sign the JWT formatted device key and all certificates created by the certificate issuer. -2. ```my_root_key_pub.pem```<br> +2. <b>```my_root_key_pub.pem``</b>`<br> This file contains the public-only key that is to be installed on every RVI node that is to accept device keys and certificates signed by the certificate issuer. @@ -189,16 +189,16 @@ created key files. Once executed, three files will be created: -1. ```my_device_key_priv.pem```<br> +1. <b>```my_device_key_priv.pem```</b><br> This file contains the private/public key pair that must never leave the device's trusted environment. It will be used to sign outgoing service invocation request. -2. ```my_device_key_pub.pem```<br> +2. <b>```my_device_key_pub.pem```</b><br> This file contains the public-only key that is to be added to certificates issued for the device by a certificate issuer. -3. ```my_device_key_pub_sign.jwt```<br> +3. <b>```my_device_key_pub_sign.jwt```</b><br> This file contains the public-only key, signed by the root key, that is to be provided as authentication when an RVI node identifies itself toward another. The file is stored in JSON Web Token format. @@ -233,57 +233,57 @@ The certificate is created by the following command --issuer=jaguarlandrover.com The following arguments are provided -* ```--id=my_cert_id```<br> +* <b>```--id=my_cert_id```</b><br> System-wide unique ID to be assigned to this certificate. -* ```--device_key=my_device_key_pub.pem```<br> +* *```--device_key=my_device_key_pub.pem```*<br> Specifies that the public device key, generated by ```create_device_key.py``` shall be embedded into the generated certificate as the certificate owner. -* ```--root_key=my_root_key_priv.pem```<br> +* <b>```--root_key=my_root_key_priv.pem```</b><br> Specifies that the certificate shall be signed by the private root key generated by ```create_root_key.sh```. -* ```--invoke='jlr.com/backend/report jlr.com/backend/set_state'```<br> +* <b>```--invoke='jlr.com/backend/report jlr.com/backend/set_state'```</b><br> Gives the device with the certificate-embedded public key the right to invoke the services ```jlr.com/backend/report``` and ```jlr.com/backend/set_state```. -* ```--register='jlr.com/vin/abc/unlock jlr.com/vin/abc/lock'```<br> +* <b>```--register='jlr.com/vin/abc/unlock jlr.com/vin/abc/lock'```</b><br> Gives the device with the certificate-embedded public key the right to register the services ```jlr.com/backend/report``` and ```jlr.com/backend/set_state```. -* ```--start='2015-12-01 00:00:00'```<br> +* <b>```--start='2015-12-01 00:00:00'```</b><br> Specifies that the certificate shall become valid Dec 1, 2015 at midnight. -* ```--stop='2015-12-31 23:59:59'```<br> +* <b>```--stop='2015-12-31 23:59:59'```</b><br> Specifies that the certificate shall expire valid Dec 31, 2015 at 11:59:59 PM. -* ```--jwt_out=my_cert.jwt```<br> +* <b>```--jwt_out=my_cert.jwt```</b><br> Specifies the name of the JWT file that is to be written with the certificate signed by the root key in ```my_root_key_priv.pem```. -* ```--cert_out=my_cert.json```<br> +* <b>```--cert_out=my_cert.json```</b><br> Specifies a file to write a JSON-formatted copy of the certificate into. This file is for human inspection only and is not used by RVI or any other scropts. -* ```--issuer=jaguarlandrover.com```<br> +* <b>```--issuer=jaguarlandrover.com```</b><br> Specifies that the certificate issuer is ```jaguarlandrover.com```. This value is currently not used. Once executed, one mandatory and one optional file will be created: -1. ```my_cert.jwt```<br> +1. <b>```my_cert.jwt```</b><br> This file contains the generated certificate, signed by the private root key specified by ```--root_key=```. The content of this file will be provided by an RVI node to prove its righ to register and invoke services toward remote RVI nodes -2. ```my_cert.json```<br> +2. <b>```my_cert.json```</b><br> Only created if ```--cert_out=``` has been give. Contains a human readable JSON form of the generated root key. |