cm/pub/

Public key is the [cm/signed/] structure.
Stored in a file, it should begin with "cm/pub" [encoding/MAGIC].

Its "/load/t" equals to "pub". "/load/v" contains "cm/pub/load":
[schemas/pub-load.tcl]

sub:
    Subject is a map of arbitrary strings. Currently no constraints on
    what fields must be present. Each application and usage context
    defines it on his own. But you may mimic X.509's subject with keys
    like "CN", "C", "O" and similar ones.
pub:
    Public key container itself may contain multiple public keys.
    That is *solely* intended for tasks requiring more than single
    key usage. For example NNCP uses one X25519 for (DH) encryption, one
    curve25519 for online authentication and one ed25519 for signing
    purposes. All those three keys are used together. That public key's
    key usage field must contain something like "nncp".
    => NNCP
    If your keypair is intended for general purposes like signing of
    arbitrary data, then single public key @strong{should} be used, with
    a key usage like "sig".
id:
    Public key(s)'s fingerprint *should* be generated as 256-bit
    hash hash of the encoded "pub" field. If not stated otherwise
    for specific algorithm.
ku:
    Intended public key(s) usage.
    Application-specific example with multiple public keys is described
    above. It *must* be absent if empty.
crit:
    Optional critical (in terms of X.509) extensions. Non-critical
    ones may be placed outside that map, directly in cm/pub/load.
    It *must* be absent if empty. Values are extension specific.

[cm/signed/]'s "sig-tbs" *must* contain additional fields: [schemas/pub-sig-tbs.tcl]

sid: Signing public key's fingerprint.
cid: Certification unique identifier. UUIDv7 is a good choice.
     But it may be UUIDv4, or any desired method of generation.
exp: Certification expiration period.
     It *must* contain TAI64 datetime (no nanoseconds).

Example minimal certified public key may look like:

    MAGIC cm/pub
    MAP {
      load {MAP {
        t {STR pub}
        v {MAP {
          id {BIN "6aee..."}
          pub {LIST {
            {MAP {
              a {STR ed25519-blake2b}
              v {BIN "c1bf..."}
            }}
          }}
          sub {MAP {
            N {STR test}
          }}
        }}
      }}
      sigs {LIST {
        {MAP {
          tbs {MAP {
            cid {HEXLET 01963308-1033-75a7-bfb6-7d3ab3db6d63}
            exp {LIST {
              {TAI64 "2025-04-14 06:41:28"}
              {TAI64 "2026-04-14 06:41:28"}
            }}
            sid {BIN "0087..."}
          }}
          sign {MAP {
            a {STR ed25519-blake2b}
            v {BIN "7450..."}
          }}
        }}
      }}
    }

Backlinks
cm/encrypted/index	`2025-05-08 15:48:30`
cm/index	`2025-05-08 11:43:53`
cm/pub/ed25519-blake2b	`2025-05-08 15:49:29`
cm/pub/gost3410	`2025-05-08 15:49:32`
cm/pub/mceliece6960119-x25519	`2025-05-08 15:49:37`
cm/pub/sntrup4591761-x25519	`2025-05-08 15:49:42`
cm/pub/sphincs+-shake-256f	`2025-05-08 15:49:45`
cm/signed/index	`2025-05-08 15:49:59`
schema/tcl	`2025-05-08 11:41:32`