OpenTDF Specification Overview
This section details the OpenTDF format, the primary specification for general-purpose Trusted Data Format (TDF) implementations. It utilizes a JSON-based manifest packaged with the encrypted payload within a standard Zip archive.
Core Concepts
Before diving into specific object definitions, understand these core OpenTDF concepts:
- Security: Learn about what makes OpenTDF secure. See Security Concepts.
- Key Access and Wrapping: How access control is defined using ABAC. See Access Control.
Format Structure
An OpenTDF file is a Zip archive, typically using the .tdf extension (e.g., document.pdf.tdf). It MUST contain the following components:
- manifest.json: A JSON file containing all metadata required for decryption and access control. This is the core of the TDF structure.
- payload: The encrypted original data. The filename within the archive is referenced by the manifest.json (commonly 0.payload).
Key Components of manifest.json
The manifest.json file orchestrates the TDF. Its main sections are:
- Payload Description: Information about the encrypted payload (type, reference, protocol, encryption status). See Payload Object.
- Encryption Information: Details on how the payload was encrypted, how to access the key, integrity checks, and the access policy. See Encryption Information. This includes:
  - Key Access Objects: How and where to get the decryption key.
  - Method: Symmetric encryption algorithm details.
  - Integrity Information: Hashes/signatures for payload integrity.
  - Policy: The access control policy (embedded as a Base64 string).
- Assertions: Optional, verifiable statements about the TDF or payload. See Assertions.
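A structural pre-check for the container layout and manifest sections described above, as an added example that is not part of the OpenTDF project's code. It confirms the archive holds exactly one manifest.json, that the payload reference resolves to an entry inside the same archive, and that the policy decodes from Base64. Assumptions: the field names payload.url and encryptionInformation.policy and the policy being JSON once decoded are not shown on this page, and inspect_tdf and build_sample are hypothetical helper names.

```python
import base64
import io
import json
import zipfile

class TDFStructureError(ValueError):
    """The archive does not meet the structural requirements described above."""

def inspect_tdf(data: bytes) -> dict:
    """Validate container layout only; no key access or decryption happens here."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise TDFStructureError("not a Zip archive") from exc
    with zf:
        names = zf.namelist()
        if names.count("manifest.json") != 1:
            raise TDFStructureError("need exactly one manifest.json entry")
        try:
            manifest = json.loads(zf.read("manifest.json"))
            ref = manifest["payload"]["url"]  # assumed field name
            policy_b64 = manifest["encryptionInformation"]["policy"]  # assumed
        except (ValueError, KeyError, TypeError) as exc:
            raise TDFStructureError(f"unusable manifest: {exc!r}") from exc
        # The reference must resolve to exactly one other entry in this archive.
        if not isinstance(ref, str) or ref == "manifest.json" or names.count(ref) != 1:
            raise TDFStructureError(f"payload reference {ref!r} not in archive")
        try:
            policy = json.loads(base64.b64decode(policy_b64, validate=True))
        except (ValueError, TypeError) as exc:
            raise TDFStructureError("policy is not Base64-encoded JSON") from exc
        return {"payload": ref, "size": zf.getinfo(ref).file_size, "policy": policy}

def build_sample(payload_ref: str = "0.payload") -> bytes:
    """Constructed sample archive; the payload is placeholder bytes, not ciphertext."""
    policy = base64.b64encode(json.dumps({"uuid": "constructed"}).encode()).decode()
    manifest = {
        "payload": {"type": "reference", "url": payload_ref, "isEncrypted": True},
        "encryptionInformation": {"policy": policy},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        zf.writestr("0.payload", b"\x00" * 32)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_tdf(build_sample()))
```

A pass here says nothing about authenticity; the integrity information and any assertions in the manifest still have to be verified separately.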
Manifest Schema
Use the links below to explore the detailed structure of each component: