The SDMP makes use of RSA keys, transferred inside JSON objects, which are defined using JSON Schema. Similarly, signed and encrypted data is stored inside defined JSON objects.
Cryptography
Key pairs are generated using RSA, asymmetric keys are generated using AES, and hashing uses SHA-512. String representations of hashes are encoded as base64url.
Container
Every object inside the SDMP is a type of container. A container is a JSON object which references JSON Schemas, which describe what type of data is in the object. The schemas are also used to validate the object.
Identity
There are two identities: users and nodes. Users authorize nodes to publish content. An identity is the container object with the public key of the user or node. Users authorize nodes to publish content by signing a trust.
Encryption/Decryption
Encryption of an object is done by generating an AES key, encrypting the data to that key, and then encrypting the AES key to the public key of all recipients. Decryption is the reverse.
Sign/Verify
RSA signatures are stored in containers. The signed data must be a container object.