Skip to main content

OpenTDF Specification Overview

This section details the OpenTDF format, the primary specification for general-purpose Trusted Data Format (TDF) implementations. It utilizes a JSON-based manifest packaged with the encrypted payload within a standard Zip archive.

Core Concepts

Before diving into specific object definitions, understand these core OpenTDF concepts:

  • Security: Learn about what makes OpenTDF secure. See Security Concepts.
  • Key Access and Wrapping: How access control is defined using ABAC. See Access Control.

Format Structure

An OpenTDF file is a Zip archive, typically using the .tdf extension (e.g., document.pdf.tdf). It MUST contain the following components:

  1. manifest.json: A JSON file containing all metadata required for decryption and access control. This is the core of the TDF structure.
  2. payload: The encrypted original data. The filename within the archive is referenced by the manifest.json (commonly 0.payload).

img

Key Components of manifest.json

The manifest.json file orchestrates the TDF. Its main sections are:

  • Payload Description: Information about the encrypted payload (type, reference, protocol, encryption status). See Payload Object.
  • Encryption Information: Details on how the payload was encrypted, how to access the key, integrity checks, and the access policy. See Encryption Information. This includes:
  • Assertions: Optional, verifiable statements about the TDF or payload. See Assertions.

Manifest Schema

Use the links below to explore the detailed structure of each component: