# signedpkg file format
The signedpkg file format defines a deployment archive, which contains these
files in its main directory:
- distribution archive in a file named DIST.A
- distribution key in a file named DIST.KEY
- distribution signature in a file named DIST.SIG

To use a signedpkg the user needs:
- public key part of the deployment key
- private key part of the provisioning key

The signedpkg file format supports all archive file formats supported by
[libarchive](https://github.com/libarchive/libarchive/wiki/LibarchiveFormats).
When unsure, use the ZIP archive file format.
## distribution archive
The distribution archive contains a file and folder structure of files being
deployed. In the main directory there are only folders. The folder names
in the main directory mark symbolic installation locations, which are user
dependent.

In p≡p provisioning, either one or both of these installation locations may be
present:
- PER_USER_DIRECTORY
- PER_MACHINE_DIRECTORY

All content is placed either in these directories or in subdirectories of these
directories, and is installed into locations relative to them.
The distribution archive is encrypted with the distribution key.
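
A layout check for the two archive levels described above, as an added example that is not code from the p≡p project. It assumes ZIP as the archive format and that DIST.A has already been signature-checked and decrypted; the rejection of `..` and backslashes is an added hardening step the specification does not state, and all function names are hypothetical.

```python
import io
import zipfile
from pathlib import PurePosixPath

OUTER_FILES = {"DIST.A", "DIST.KEY", "DIST.SIG"}
LOCATIONS = {"PER_USER_DIRECTORY", "PER_MACHINE_DIRECTORY"}


def make_zip(entries):
    """Build an in-memory ZIP from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))


def check_outer(zf):
    """Return the problems found in the main directory of a signedpkg."""
    names = {i.filename for i in zf.infolist() if not i.is_dir()}
    return sorted(f"missing {n}" for n in OUTER_FILES - names)


def check_distribution(zf):
    """Return the problems found in a decrypted distribution archive."""
    problems, seen = [], set()
    for info in zf.infolist():
        parts = PurePosixPath(info.filename).parts
        if not parts:
            continue
        if parts[0] not in LOCATIONS:
            # Main directory may only hold the symbolic location folders.
            problems.append(f"{info.filename}: not under a known location")
        elif ".." in parts or "\\" in info.filename:
            # Assumption (added hardening): content must stay below its location.
            problems.append(f"{info.filename}: escapes its location")
        elif len(parts) == 1 and not info.is_dir():
            problems.append(f"{info.filename}: file in main directory")
        else:
            seen.add(parts[0])
    if not seen:
        problems.append("no installation location present")
    return problems


if __name__ == "__main__":
    pkg = make_zip({"PER_USER_DIRECTORY/app.ini": b"", "../evil": b""})
    print(check_distribution(pkg))
```
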
## distribution key
The distribution key is the AES<256> key, with which the distribution archive
is encrypted using GCM<AES>. DIST.KEY contains the distribution key encrypted
with the provisioning key using RSA-OAEP.
## distribution signature
The distribution signature is the ed25519 detached signature of the
distribution archive file DIST.A using the deployment key.
## deployment key
The deployment key is an ed25519 keypair stored in a private key part and a BER
encoded public key part.
The private key is used by the factory. The public key is used by the
deployment target.
## provisioning key
The provisioning key is an RSA keypair stored in a private key part and a BER
encoded public key part.
The private key is used by the deployment target. The public key is used by the
factory.