rfc/specs/waku/v1/envelope-data-format.md

---
title: Envelope data field
version: 0.1.0
status: Draft
authors: Oskar Thorén <oskar@status.im>, Dean Eigenmann <dean@status.im>
redirect_from:
  - /waku/envelope-data-format.html
---

## Table of Contents

 1. [Abstract](#abstract)
 2. [Specification](#specification)
    1. [ABNF](#abnf)
    2. [Signature](#signature)
    3. [Padding](#padding)
 3. [Copyright](#copyright)

## Abstract

This specification describes the encryption, decryption and signing of the content in the [data field used in Waku](waku.md#abnf-specification).

## Specification

The `data` field is used within the `waku envelope`, the field MUST contain the encrypted payload of the envelope.

The fields that are concatenated and encrypted as part of the `data` field are:
 - flags
 - auxiliary field
 - payload
 - padding
 - signature
 
In case of symmetric encryption, a `salt`  (a.k.a. AES Nonce, 12 bytes) field MUST be appended. 

### ABNF

Using [Augmented Backus-Naur form (ABNF)](https://tools.ietf.org/html/rfc5234) we have the following format:

```abnf
; 1 byte; first two bits contain the size of auxiliary field, 
; third bit indicates whether the signature is present.
flags           = 1OCTET

; contains the size of payload.
auxiliary-field = 4*OCTET

; byte array of arbitrary size (may be zero)
payload         = *OCTET

; byte array of arbitrary size (may be zero).
padding         = *OCTET

; 65 bytes, if present.
signature       = 65OCTET

; 2 bytes, if present (in case of symmetric encryption).
salt            = 2OCTET

data        = flags auxiliary-field payload padding [signature] [salt]
```

### Signature

Those unable to decrypt the envelope data are also unable to access the signature. The signature, if provided, is the ECDSA signature of the Keccak-256 hash of the unencrypted data using the secret key of the originator identity. The signature is serialized as the concatenation of the `R`, `S` and `V` parameters of the SECP-256k1 ECDSA signature, in that order. `R` and `S` MUST be big-endian encoded, fixed-width 256-bit unsigned. `V` MUST be an 8-bit big-endian encoded, non-normalized and should be either 27 or 28.

### Padding

The padding field is used to align data size, since data size alone might reveal important metainformation. Padding can be arbitrary size. However, it is recommended that the size of Data Field (excluding the Salt) before encryption (i.e. plain text) SHOULD be factor of 256 bytes.

## Copyright

Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
update 2020-02-20 15:35:00 +00:00			`---`
fix 2020-02-20 15:51:53 +00:00			`title: Envelope data field`
update 2020-02-20 15:44:00 +00:00			`version: 0.1.0`
			`status: Draft`
update 2020-02-20 15:35:00 +00:00			`authors: Oskar Thorén <oskar@status.im>, Dean Eigenmann <dean@status.im>`
fix/redirects (#110) * cleans up footnotes * fixes redirects * Update _config.yml 2020-03-11 11:37:08 +00:00			`redirect_from:`
			`- /waku/envelope-data-format.html`
update 2020-02-20 15:35:00 +00:00			`---`
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00
			`## Table of Contents`

			`1. [Abstract](#abstract)`
			`2. [Specification](#specification)`
			`1. [ABNF](#abnf)`
			`2. [Signature](#signature)`
			`3. [Padding](#padding)`
			`3. [Copyright](#copyright)`

			`## Abstract`

Be consistent in usage of terms packet, message and envelope (#123) 2020-05-18 13:06:31 +00:00			`This specification describes the encryption, decryption and signing of the content in the [data field used in Waku](waku.md#abnf-specification).`
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00
			`## Specification`

Be consistent in usage of terms packet, message and envelope (#123) 2020-05-18 13:06:31 +00:00			The `data` field is used within the `waku envelope`, the field MUST contain the encrypted payload of the envelope.
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00
			The fields that are concatenated and encrypted as part of the `data` field are:
			`- flags`
			`- auxiliary field`
			`- payload`
			`- padding`
			`- signature`

			In case of symmetric encryption, a `salt` (a.k.a. AES Nonce, 12 bytes) field MUST be appended.

			`### ABNF`

			`Using [Augmented Backus-Naur form (ABNF)](https://tools.ietf.org/html/rfc5234) we have the following format:`

Update wedf.md 2019-12-17 15:10:22 +00:00			```abnf
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00			`; 1 byte; first two bits contain the size of auxiliary field,`
			`; third bit indicates whether the signature is present.`
			`flags = 1OCTET`

			`; contains the size of payload.`
			`auxiliary-field = 4*OCTET`

			`; byte array of arbitrary size (may be zero)`
			`payload = *OCTET`

			`; byte array of arbitrary size (may be zero).`
			`padding = *OCTET`

			`; 65 bytes, if present.`
			`signature = 65OCTET`

			`; 2 bytes, if present (in case of symmetric encryption).`
			`salt = 2OCTET`

Add missing packet types to abnf + abnf minor fixes (#146) 2020-07-06 12:55:34 +00:00			`data = flags auxiliary-field payload padding [signature] [salt]`
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00			```

			`### Signature`

github-actions-readme-spelling (#127) * Create main.yml * Delete .travis.yml * Update README.md * Update main.yml * Create wordlist.txt * Update README.md * Create spellcheck.yaml * Update wordlist.txt * Update wordlist.txt * Update spellcheck.yaml * Update wordlist.txt * Update mvds-metadata.md * Update wordlist.txt * spelling * more * fixes * filter comments * spelling corrections, wordlist * more fixes * formt * undid * filter * remove * url * i think thats it * fix * removed to test * sorted * Update spellcheck.yaml * Update main.yml * trying * Update wordlist.txt * Update wordlist.txt * Update wordlist.txt * Update README.md * Update wordlist.txt 2020-05-20 07:03:40 +00:00			Those unable to decrypt the envelope data are also unable to access the signature. The signature, if provided, is the ECDSA signature of the Keccak-256 hash of the unencrypted data using the secret key of the originator identity. The signature is serialized as the concatenation of the `R`, `S` and `V` parameters of the SECP-256k1 ECDSA signature, in that order. `R` and `S` MUST be big-endian encoded, fixed-width 256-bit unsigned. `V` MUST be an 8-bit big-endian encoded, non-normalized and should be either 27 or 28.
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00
			`### Padding`

Be consistent in usage of terms packet, message and envelope (#123) 2020-05-18 13:06:31 +00:00			`The padding field is used to align data size, since data size alone might reveal important metainformation. Padding can be arbitrary size. However, it is recommended that the size of Data Field (excluding the Salt) before encryption (i.e. plain text) SHOULD be factor of 256 bytes.`
spec/envelope (#76) * moved spec, still needs some rewriting * fix * added abstract * rewrote * add to readme * Update edf.md * Update edf.md * Update edf.md Co-Authored-By: kdeme <kim.demey@gmail.com> * rename 2019-12-16 05:05:11 +00:00
			`## Copyright`

			`Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).`