URI Registry

Tony Arcieri edited this page Apr 17, 2014 · 12 revisions

Below is a list of the URI schemes utilized by ORDO. The primary use is representing various types of cryptographic algorithms and their associated parameters. They are also used for representing names of objects in the system (most notably Distinguished Names).

The URIs used by ORDO are intended to be valid under the URI Generic Syntax defined in RFC 3986. This particular interpretation of the generic syntax is inspired by RFC 6920, Naming Things with Hashes.

ORDO URIs have the following general format:

ordo.schemename:///thing+encoding?param=value

ordo.hash: Hash Functions

The ordo.hash URI scheme identifies hash functions, of which the following are officially recognized:

ordo.symmetric-encryption: Secret Key Ciphers

The ordo.symmetric-encryption URI scheme identifies symmetric encryption ciphers, of which the following are officially recognized:

  • ordo.symmetric-encryption:///xsalsa20poly1305: The crypto_secretbox authenticated secret-key encryption cipher

ordo.pbkdf: Password-Based Key Derivation Functions

The ordo.pbkdf URI scheme identifies password-based key derivation functions (a.k.a. password hashing functions), and can also be used to identify a particular combination of parameters to a PBKDF as well as a complete password digest for the purposes of password storage.

All PBKDFs support a salt parameter which defines a unique random string used as input to the KDF.

The following PBKDFs are officially recognized:

  • ordo.pbkdf:///pbkdf2-sha512+base32c: The PBKDF2 password-based key derivation function, used in conjunction with the SHA-512 hash function, with digest and salt rendered in Base32c content encoding. PBKDF2 supports the c parameter for CPU cost (number of iterations).
  • ordo.pbkdf:///scrypt+base32c: The scrypt sequential memory-hard password-based KDF with the digest and salt rendered in Base32c content encoding. scrypt supports the N (CPU cost), r (memory cost), and p (parallelism) parameters.
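
A strict parser for the general format and the PBKDF parameters listed above, as an added example that is not ORDO's own code. It accepts only the identifiers recognized on this page; the function names, the rule that cost parameters are positive decimal integers, the empty parameter set for xsalsa20poly1305, and the sample salt are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Allow-list built from the entries on this page: scheme -> {identifier: parameters}.
# Assumption: xsalsa20poly1305 takes no parameters (the page lists none for it).
REGISTRY = {
    "ordo.symmetric-encryption": {"xsalsa20poly1305": set()},
    "ordo.pbkdf": {
        "pbkdf2-sha512+base32c": {"salt", "c"},
        "scrypt+base32c": {"salt", "N", "r", "p"},
    },
}
COST_PARAMS = {"c", "N", "r", "p"}  # assumed to be positive decimal integers
# Constructed sample (the salt value is made up for illustration).
SAMPLE = "ordo.pbkdf:///scrypt+base32c?N=32768&r=8&p=1&salt=mfrggzdf"


def parse_ordo_uri(uri):
    """Parse an ORDO URI strictly; raise ValueError for anything not recognized."""
    parts = urlsplit(uri)
    if parts.scheme not in REGISTRY:
        raise ValueError(f"unrecognized scheme: {parts.scheme!r}")
    # The general format has an empty authority ("///") and no fragment.
    if parts.netloc or parts.fragment or not uri.startswith(parts.scheme + ":///"):
        raise ValueError("expected ordo.schemename:///thing+encoding?param=value")
    name = parts.path[1:]
    allowed = REGISTRY[parts.scheme].get(name)
    if allowed is None:
        raise ValueError(f"unrecognized identifier: {name!r}")
    pairs = parse_qsl(parts.query, keep_blank_values=True, strict_parsing=True) if parts.query else []
    params = {}
    for key, value in pairs:
        if key not in allowed or key in params:
            raise ValueError(f"unknown or repeated parameter: {key!r}")
        if key in COST_PARAMS:
            if not (value.isascii() and value.isdigit() and int(value) > 0):
                raise ValueError(f"{key} must be a positive integer")
            value = int(value)
        params[key] = value
    thing, _, encoding = name.partition("+")
    return {"scheme": parts.scheme, "thing": thing,
            "encoding": encoding or None, "params": params}


def is_valid(uri):
    """True if the URI parses under the allow-list above, False otherwise."""
    try:
        parse_ordo_uri(uri)
        return True
    except ValueError:
        return False
```

Rejecting unknown identifiers, unknown parameters and repeated parameters keeps a stored or received URI from selecting an algorithm or cost setting outside the registry.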