From 6572939e6ef26a7d458a34094e516ec09b990582 Mon Sep 17 00:00:00 2001 From: Joel Dudley Date: Wed, 4 Apr 2018 15:45:49 +0100 Subject: [PATCH] Link to X509Utils. Makes it clear they are only an example. --- docs/source/permissioning.rst | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/source/permissioning.rst b/docs/source/permissioning.rst index 81186269a3..ca4ed2ccb1 100644 --- a/docs/source/permissioning.rst +++ b/docs/source/permissioning.rst @@ -1,4 +1,4 @@ -Network permissioning + Network permissioning ===================== .. contents:: @@ -59,8 +59,8 @@ We can visualise the permissioning structure as follows: Keypair and certificate formats ------------------------------- -You can use any standard key tools or Corda's ``X509Utilities`` (which uses Bouncy Castle) to create the required -public/private keypairs and certificates. The keypairs and certificates should obey the following restrictions: +You can use any standard key tools to create the required public/private keypairs and certificates. The keypairs and +certificates must obey the following restrictions: * The certificates must follow the `X.509 standard `_ @@ -75,6 +75,10 @@ public/private keypairs and certificates. The keypairs and certificates should o * RSA with 3072-bit key size +.. note:: Corda's ``X509Utilities`` show how to generate the required public/private keypairs and certificates using + Bouncy Castle. You can find the ``X509Utilities`` in the `Corda repository `_, under + ``/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt``. + Certificate role extension -------------------------- Corda certificates have a custom X.509 v3 extension that specifies the role the certificate relates to. This extension