1.1.0
- 1.1.0
  - Update for simplified structured encryption
- 1.0.0
  - Initial record
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
This document describes the behavior by which a Structured Data is encrypted. We define encryption over this Structured Data to mean that authenticity is ensured over a non-empty set of Terminal Data, and confidentiality is ensured over a (possibly empty) subset of that Terminal Data.
The following inputs to this behavior are REQUIRED:
The following inputs to this behavior MUST be OPTIONAL:
This operation MUST output the following:
- Encrypted Structured Data
- Crypto Schema: The Crypto Schema for each signed Terminal
- Parsed Header
The input Structured Data and Crypto Schema MUST refer to the same set of locations.
The input Structured Data and Crypto Schema MUST be combined into a single Crypto List.
Encrypt Structure MUST then behave as Encrypt Path Structure.
The output Crypto List produced by Encrypt Path Structure MUST be split into Structured Data and Crypto Schema maps.
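The location check, combine, delegate and split steps above, written in Python as an added example (not code from this specification or any implementation of it). The flat string locations, the `CryptoItem` shape and all function names are assumptions; Encrypt Path Structure is passed in as a callable, and the Parsed Header output is left out.

```python
from typing import Callable, NamedTuple


class CryptoItem(NamedTuple):
    """One Crypto List entry (assumed shape): location, data and action."""
    key: str     # location; flat string keys assumed for brevity
    data: bytes  # Terminal Data
    action: str  # Crypto Schema entry for this location, opaque here


def combine(data: dict[str, bytes], schema: dict[str, str]) -> list[CryptoItem]:
    """Merge both maps into one Crypto List, failing closed on any mismatch."""
    if data.keys() != schema.keys():
        # A location present in only one map would otherwise be processed
        # with no declared action, or an action would apply to no data.
        diff = sorted(data.keys() ^ schema.keys())
        raise ValueError(f"locations differ between data and schema: {diff}")
    return [CryptoItem(k, data[k], schema[k]) for k in sorted(data)]


def split(items: list[CryptoItem]) -> tuple[dict[str, bytes], dict[str, str]]:
    """Split an output Crypto List back into data and schema maps."""
    out_data: dict[str, bytes] = {}
    out_schema: dict[str, str] = {}
    for item in items:
        if item.key in out_data:
            raise ValueError(f"duplicate location in Crypto List: {item.key}")
        out_data[item.key] = item.data
        out_schema[item.key] = item.action
    return out_data, out_schema


def encrypt_structure(data, schema,
                      encrypt_path_structure: Callable[[list], list]):
    """Combine, delegate to the supplied Encrypt Path Structure, then split."""
    return split(encrypt_path_structure(combine(data, schema)))


def demo():
    # Constructed sample. Byte reversal is a stand-in for Encrypt Path
    # Structure, not encryption; the action labels are assumed values.
    def stand_in(items):
        return [i._replace(data=i.data[::-1]) if i.action == "ENCRYPT_AND_SIGN"
                else i for i in items]
    return encrypt_structure({"id": b"42", "ssn": b"123"},
                             {"id": "SIGN_ONLY", "ssn": "ENCRYPT_AND_SIGN"},
                             stand_in)
```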