Public key.
Stored in a file, should begin with "cm/pub/v0" [encoding/MAGIC].
magic {{field . {magic} =cm/pub/v0}}
schema-include fpr.tcl
schema-include algo-and-value.tcl
pub {
{field . {map} len=~}
{field id {with fpr}}
{field ku {set} >0 optional}
{field pub {with algo-and-value}}
{field sub {map} {of type str} >0}
{field crit {} !exists}
{field prehash {bin} >0 optional}
}
sub:
Subject is a map of arbitrary strings. Currently no constraints on
what fields must be present. Each application defines them on its
own. But you may mimic X.509's subject with keys like "CN", "C", "O"
and similar ones.
pub:
Public key itself.
id:
Public key(s)'s fingerprint *should* be generated as 256-bit
hash over the encoded "pub" field, if not stated otherwise for
specific algorithm. Exact hash algorithm depends on the public keys.
ku:
Intended public key(s) usage.
Application-specific example with multiple public keys is described
above. It *must* be absent if empty.
crit:
Optional critical (in terms of X.509) extensions. Non-critical
ones may be placed outside that map, directly in /data.
It *must* be absent if empty. Values are extension specific.
Certified public key is the [cm/sign/] structure, having
its "/tbs/typ" equals to "cm/pub/v0", and "/data" containing the
public key structure above.
Example minimal public key may look like:
MAGIC cm/pub/v0
MAP {
id {BIN "6aee..."}
pub {MAP {
ed25519-blake2b {BIN "c1bf..."}
}}
sub {MAP {
N {STR test}
}}
}
Example minimal certified public key may look like:
MAGIC cm/sign/v0
MAP {
tbs {MAP {
typ {STR pub}
}}
data {MAP {
id {BIN "6aee..."}
pub {MAP {
ed25519-blake2b {BIN "c1bf..."}
}}
sub {MAP {
N {STR test}
}}
}}
sigs {LIST {
{MAP {
tbs {MAP {
id {BIN [UUIDv7]}
sid {BIN "0087..."}
}}
sign {MAP {
ed25519-blake2b {BIN "7450..."}
}}
}}
}}
}
Backlinks:
0 [cm/] 0
1 [cm/encrypted/] 0
2 [cm/prv/] 0
3 [cm/pub/ed25519-blake2b] 2026-05-18 15:50:39 8
4 [cm/pub/gost3410] 2026-05-18 15:50:39 3
5 [cm/pub/mceliece6960119-x25519] 2026-05-18 15:50:39 18
6 [cm/pub/slh-dsa-shake-256s] 2026-05-18 15:50:39 4
7 [cm/pub/sntrup761-x25519] 2026-05-18 15:50:39 10
8 [cm/sign/] 0
9 [schema/tcl] 2026-05-22 13:27:10 148