Document Status
This is a initial draft of the SSF32™ 1.0 specification.
While this draft has been released, it has not been approved by any standards body.
Implementors should periodically check the SSF32 online resources (see #Online Resources tab) for the current status of SSF32 documentation.
Abstract
The Secure Signature Format 32 Byte (SSF32) specification provides an extensible, tamper & corruption resistant file format for cryptographically secure signatures for files and strings.
The SSF32 specification is inspired by the patent-free PNG specification and is designed to provide a poratble, legally unencumbered, highly-secure, well-specified standard for encoding and decoding formatted pairs of cryptographically secure hashes & digital signatures.
The initial motivation for the SSF32 standard was to have a convenient, extensible, compact & cryptographically secure method for storing hashes and signatures for secure verification of files or strings transmitted across internet protocols or stored on blockchains.
All applications which encode or decode SSF32 files in compliance with this specification should utilize the industry standard OpenSSL Protocol or another secure & tested cryptographic protocol.
The SSF32 file format is a patent-free format licensed under the Apache 2.0 License.
This specification defines the Internet Media Type "application/ssf32".
Please review either the #License tab or the repository LICENSE.md for more information.
SSF32 features retained from the PNG Standard include:
- Complete hardware and platform independence.
- Reliable, straightforward detection of file corruption.
SSF32 is designed to be:
- Simple & portable.
- Secure: Reasonably cryptographically resistant to tampering or data corruption.
- Flexible: Allows for future extensions without compromising the fundementals of the specification.
- Robust: Designed to support full file integrity, including: simple, quick detection of common transmission errors, while also supporting highly optimized, industry standard cryptographic validation algorithms.
The primary purpose of this specification is to provide the definition of the Secure Signature Format and recommendations for the minimum required behaviour for encoders and decoders.
The #Appendix tab provides additional documentation, including rational for all design decisions.
While the #Appendix tab and its content are not part of the formal specification, it helps implementors to understand the design and intent behind this document. Its other purpose is to provide cross-references to relevant sections of rationale, examples or other supporting material.
Terms
The key words in this document:
- "MUST"
- "MUST NOT"
- "REQUIRED"
- "SHALL"
- "SHALL NOT"
- "SHOULD"
- "SHOULD NOT"
- "RECOMMENDED"
- "MAY"
- and "OPTIONAL"
are to be interpreted as described in RFC-2119.
Pronunciation
Phonetically, SSF is pronounced: "ɛs-ɛs-ɛf".