Envelopes

DiME, the open and trust-based data format building secure Application-based Public-Key Infrastructures (APKIs) in a breeze.

A DiME envelope encapsulates other DiME items. This gives encoded DiME items a consistent format that always starts with the header 'Di'. All DiME encoded strings are envelopes, no matter if they contain one or more items.

Envelopes may be either unsigned or signed. The main difference is that a signed envelope uses a digital signature to protect the integrity of its content. In some cases this may not be needed, as individual DiME items may themselves be digitally signed, thus making it unnecessary to sign the encapsulating envelope.

Unsigned envelope

An unsigned envelope only consists of the header ('Di') and any items within separated by a colon (':'), known as an item separator. Below is an example of an anonymous envelope containing an identity item:

Di:ID.eyJjYXAiOlsiZ2VuZXJpYyIsImlzc3VlIiwic2VsZiJdLCJleHAiOiIyMDMyLTA5LTMwVDE0OjQxOjUzLjEyMTUwMFoiLCJpYXQiOiIyMDIyLTEwLTAzVDE0OjQxOjUzLjEyMTUwMFoiLCJpc3MiOiJiNDNjNDgyOC0wOTYxLTRiZDYtYjdhYy1lNzZiOTg4YmFmZjAiLCJwdWIiOiJTVE4uZFgycVJtWWZ2eFRNdVZIeml2a1hjUU0zQWROMm44aEhoRkJ2ZnNENDhXVGVzcjRZVSIsInN1YiI6ImI0M2M0ODI4LTA5NjEtNGJkNi1iN2FjLWU3NmI5ODhiYWZmMCIsInN5cyI6ImlvLmRpbWVmb3JtYXQucmVmIiwidWlkIjoiMTU3NGZkZDEtMDRkOC00MjRjLTgyYjItZjkxMDFkNTliYjI3In0.MjY3MDU3ZmQ5N2UyMDNmNi41MjI1NDExMjhhOGNhZTViYWI5MTQ1ZDdjYTFlNWIxMzYyZTU3Mzg5ZjE5NjQyMjhiNjZmZWYwZDdjYmUwYzM0YTM1YzA3YWRmMzIwMWFmNDU1ZmMwNjBiM2E5NmY5MzlkNTQ3ZGIwZGFmZTMzNWJmN2MyZjc1YmFhNjVjNjAwYg

No separate validation is required for an unsigned envelope. However, items contained within may need to be verified independently.

Signed envelope

Signed envelopes are DiME envelopes that, besides containing one or more items, also carry a signature at the end that protects the integrity of all enclosed items. The following example shows a signed envelope where the signature is placed after the final item separator (':'):

Di.eyJjdHgiOiJ0ZXN0LWNvbnRleHQiLCJpYXQiOiIyMDIyLTEwLTIzVDEyOjA3OjM4LjYwNjQ3OVoiLCJpc3MiOiJlZjRkNWJmMC1mOWVkLTQzZTktYmE3ZC0wMGNkNDEwYzJmMmMifQ:DAT.eyJleHAiOiIyMDIyLTEwLTIzVDEyOjA4OjM4LjYwODU4N1oiLCJpYXQiOiIyMDIyLTEwLTIzVDEyOjA3OjM4LjYwODU4N1oiLCJpc3MiOiJjYzMwNWY3NC02MWRjLTRlY2UtYmQ1MC1jYTg4NWQwYzM2OWYiLCJtaW0iOiJ0ZXh0L3BsYWluIiwidWlkIjoiMmJhZTk0MTktYjZiNy00MmE0LWFhM2YtNmVlZTQxMWZhN2IwIn0.UmFjZWNhciBpcyByYWNlY2FyIGJhY2t3YXJkcy4.YjkyMjMwYzBkNTY0YjU0NS5mNGNmYzAyODc4ZWYzZGI5NjkzNThhMTg3OGY2ODE2Y2I1YjI0MmQ0ZmVmNjIwNmRiMTg2YzNjNmE4MjcwYjM5OGMxMzc1Y2U0NGVlZjJmZTczNTE1MzRjZTk3MWU2OTc1MTY0NDNkZDQxMjFhNmU0NGNlYmEwMjFkYTIzODcwYw:YjkyMjMwYzBkNTY0YjU0NS41ZmYyOGU0YzRjYzk3OTE1MjliOGQ2ZmI2YTNjNzE2NmJiZjM4ODk0NjU2Njc5ZjczODM2ZmQ4MGYwYjI3OWY3YzdjMTI3NGFmNDIxYjYzMzY1OTg4MzMyMzAwOGU0NmZiMjE4ZmQzYTA5ZGYwYWM5NzczMzM3YzA5NTI5ZGIwOQ

The envelope signature should be verified before any processing of items inside a signed envelope. The public key to verify a signature may be indicated by the claims component following the header ('Di').

Claims

Claims are information associated with the envelope. These are stored in the component following the header ('Di'). This component is only included if the envelope is signed and, among other things, identifies the entity that signed the envelope and when it was issued.

For more detailed information about available claims, refer to Claims.
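The layout described on this page, as an added example rather than code from the DiME project: a minimal Python parser that splits an encoded string into header claims, items and envelope signature, and releases the items of a signed envelope only after a signature check passes. The `verify_signature` callback is hypothetical and stands in for a real DiME implementation, the component separator ('.') and base64url encoding are inferred from the examples above, and the sample strings are constructed.

```python
import base64
import json

HEADER, ITEM_SEP = "Di", ":"   # header and item separator named on the page
COMPONENT_SEP = "."            # assumption: inferred from the page's examples


def b64url_decode(text):
    """Decode unpadded base64url (assumed encoding of the components)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_envelope(encoded):
    """Split a DiME string into header claims, items and envelope signature."""
    sections = encoded.strip().split(ITEM_SEP)
    head = sections[0].split(COMPONENT_SEP)
    if head[0] != HEADER or len(head) > 2:
        raise ValueError("not a DiME envelope: bad header")
    signed = len(head) == 2  # the claims component is present only when signed
    claims = json.loads(b64url_decode(head[1])) if signed else None
    body = sections[1:]
    signature = body.pop() if signed and body else None
    if not body or not all(body) or (signed and not signature):
        raise ValueError("envelope has no items or has an empty section")
    items = [tuple(s.split(COMPONENT_SEP)) for s in body]
    return {"signed": signed, "claims": claims, "items": items, "signature": signature}


def items_for_processing(encoded, verify_signature):
    """Release items only after the envelope signature check has passed.

    verify_signature(claims, encoded) -> bool is a hypothetical callback that
    the caller backs with a real DiME implementation and the signer's key.
    """
    env = parse_envelope(encoded)
    if env["signed"] and not verify_signature(env["claims"], encoded):
        raise PermissionError("envelope signature did not verify")
    return env["items"]


def _b64(obj):  # helper used only to build the constructed samples
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed samples: not real DiME items, signatures are placeholder text.
UNSIGNED = "Di:ID." + _b64({"sub": "example"}) + ".c2ln"
SIGNED = ("Di." + _b64({"iss": "example-issuer"}) + ":DAT."
          + _b64({"mim": "text/plain"}) + ".cGF5bG9hZA.c2ln:ZW52c2ln")
```

Items returned from an unsigned envelope have had no integrity check at this layer and still need their own verification, as noted above.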
