Peppol v1
The Peppol envelope follows the General JWE Serialization Syntax of the JSON Web Encryption standard (JWE) specified in RFC 7516.
JWE is chosen because it provides:
- support for multiple recipients
- support for multiple encryption algorithms
- support for additional authenticated data
High Level Overview
Creating a Peppol V1 Envelope with createTransaction
Argument | Type | Description |
---|---|---|
version | number | 1 |
value | Buffer | raw file contents |
pubKey | string or JWK | ES256 public key of the receiver, either as JWK or as uncompressed hex string |
options | Object | |
options.extra | Buffer | Extra data to include in the encrypted payload |
signingKey | JWK | Optional key to sign the envelope |
General JWE Serialization Syntax
Field | Description | Use in Peppol v1 |
---|---|---|
protected | integrity protected header | declares algorithm A256GCM |
unprotected | header without integrity protection | |
iv | initialization vector | used by A256GCM |
aad | additional authenticated data | unused currently |
ciphertext | encrypted payload | encrypted content; contains compressed file and extra data: encrypt(lzma(cbor([file, extraData]))) |
tag | authentication tag | |
recipients | array containing information about a single recipient | contains information for the receiver to be able to decrypt the ciphertext |
OP_RETURN Format
For more information about OP_RETURN see here. The OP_RETURN arguments are structured as follows:
Index | Description | Value |
---|---|---|
0 | Protocol ID | "mB:peppol" |
1 | Peppol Envelope | Serialized JWE/JWS |
2 | Receiver pubkey | Public key of the receiver, intended for quick indexing |
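
The structural checks a receiver can run before attempting decryption, following the JWE field table and the OP_RETURN layout above. This is an added example, not code from the Peppol library: `checkEnvelope` and `checkOpReturn` are hypothetical helpers. It assumes the OP_RETURN arguments are already decoded to strings, that the envelope is an unsigned JSON-serialized JWE, and that `aad` is rejected because the table lists it as unused.

```javascript
// Added example; checkEnvelope and checkOpReturn are hypothetical helpers.
const fromB64u = (s) => Buffer.from(String(s).replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const toB64u = (b) => Buffer.from(b).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function checkEnvelope(jwe) {
  if (jwe === null || typeof jwe !== 'object') return ['envelope is not a JSON object'];
  const errors = [];
  let header = {};
  try {
    header = JSON.parse(fromB64u(jwe.protected).toString('utf8')) || {};
  } catch (e) {
    errors.push('protected is not base64url-encoded JSON');
  }
  // The content algorithm must come from the integrity-protected header only.
  if (header.enc !== 'A256GCM') errors.push('protected header must declare enc=A256GCM');
  if (jwe.unprotected?.enc !== undefined) errors.push('enc present in unprotected header');
  // A256GCM uses a 96-bit IV and a 128-bit tag (RFC 7518, section 5.3).
  if (typeof jwe.iv !== 'string' || fromB64u(jwe.iv).length !== 12) errors.push('iv must be 12 bytes');
  if (typeof jwe.tag !== 'string' || fromB64u(jwe.tag).length !== 16) errors.push('tag must be 16 bytes');
  if (typeof jwe.ciphertext !== 'string' || !jwe.ciphertext) errors.push('ciphertext missing');
  if (!Array.isArray(jwe.recipients) || jwe.recipients.length === 0) errors.push('recipients missing');
  // Assumed strict policy: the page lists aad as currently unused.
  if ('aad' in jwe) errors.push('aad is unused in Peppol v1');
  return errors;
}

function checkOpReturn(args) {
  if (!Array.isArray(args) || args.length !== 3) return ['expected 3 OP_RETURN arguments'];
  if (args[0] !== 'mB:peppol') return ['unexpected protocol ID'];
  try {
    return checkEnvelope(JSON.parse(args[1]));
  } catch (e) {
    return ['envelope is not JSON'];
  }
}

// Constructed sample: dummy bytes, not a decryptable envelope.
const sampleEnvelope = {
  protected: toB64u(JSON.stringify({ enc: 'A256GCM' })),
  iv: toB64u(Buffer.alloc(12, 1)),
  ciphertext: toB64u('constructed ciphertext'),
  tag: toB64u(Buffer.alloc(16, 2)),
  recipients: [{ header: {} }],
};
const sampleArgs = ['mB:peppol', JSON.stringify(sampleEnvelope), '<receiver-pubkey-placeholder>'];
console.log(checkOpReturn(sampleArgs)); // []
```

An empty result only means the envelope is well-formed; authenticity still depends on the GCM tag verifying during decryption.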