-
Notifications
You must be signed in to change notification settings - Fork 17
Proposal: Introduce Coverage of Encryption and Compression in File Objects
Ivan Kirillov edited this page Jan 8, 2014
·
5 revisions
Status: Closed
Comment Period Closes: 01/02/2014
Affects Backwards Compatibility: No
Relevant Issues: https://github.com/CybOXProject/schemas/issues/237
This proposal concerns the File Object and its ability to accurately characterize files that have been encrypted and/or compressed. The File Object currently does not have fields to represent encryption or compression, hence the purpose for this proposal.
The FileObjectType in the File Object will be expanded with the following fields:
| Field | Datatype | Description |
|---|---|---|
| Encryption_Algorithm | cyboxCommon:CipherType |
The Encryption_Algorithm field specifies the algorithm used to encrypt the file. |
| Decryption_Key | cyboxCommon:StringObjectPropertyType |
The Encryption_Key field specifies the key used to encrypt the file. |
| Compression_Method | cyboxCommon:StringObjectPropertyType |
The Compression_Method field specifies the method used to compress the file. |
| Compression_Version | cyboxCommon:StringObjectPropertyType |
The Compression_Version field specifies the version of the compression method used to compress the file. |
| Compression_Comment | cyboxCommon:StringObjectPropertyType |
The Compression_Comment field specifies the comment string associated with the compressed file. |
Within cyboxCommon the cyboxCommon:CipherType was created to support the enumeration of various encryption cipher types.
No other datatypes are effected by this change and there are no foreseen backwards compatibility issues.
- Do these additional fields and their annotations make sense?
- Are there any other fields that should be added for complete characterization of encryption and compression?