feat: Add TDF-JSON and TDF-CBOR format support #37

Merged: arkavo-com merged 7 commits into main from feature/tdf-json-cbor-formats, Jan 18, 2026

arkavo-com commented Jan 18, 2026

Summary

Implement TDF-JSON and TDF-CBOR inline payload formats per specifications:

TDF-JSON Format

  • TDFJSONFormat.swift: Envelope, manifest, and payload types with Codable conformance
  • TDFJSONContainer.swift: Container, builder, loader, decryptor
  • Base64-encoded inline payloads optimized for JSON transmission

TDF-CBOR Format

  • TDFCBORFormat.swift: Envelope with integer keys per spec section 3.1
  • TDFCBORContainer.swift: Container, builder, loader, decryptor
  • Binary payloads (no base64 encoding) for optimal efficiency
  • SwiftCBOR dependency for CBOR serialization
  • Self-describe CBOR tag (55799) magic bytes for format detection

Format Detection

  • TDFFormatDetector.swift: Auto-detect format from magic bytes
  • Support for .archive, .nano, .json, .cbor format kinds
  • Detection by file content or extension

CLI Integration

  • Add json/cbor formats to CLIDataFormat enum
  • Add encrypt/decrypt commands for both formats
  • Update verify command to use TDFFormatDetector
  • Add supports command for json/cbor features

Dependencies

  • Add SwiftCBOR package for CBOR encoding/decoding

Test plan

  • swift build passes
  • CLI supports encrypt/decrypt for json and cbor formats
  • Format detection works for all TDF types
  • Cross-SDK interoperability testing with Rust SDK

Cross-SDK Test Results

                    | Read by RUST | Read by SWIFT
  ------------------|--------------|---------------
  RUST  → TDF-JSON  |     N/A      |      ✓        
  RUST  → TDF-CBOR  |     N/A      |      ✓        
  SWIFT → TDF-JSON  |      ✓       |     N/A       
  SWIFT → TDF-CBOR  |      ✓       |     N/A       

File Size Comparison (20 byte input):

  Format   | RUST Created | SWIFT Created
  ---------|--------------|---------------
  TDF-JSON | 1593 bytes   | 1354 bytes
  TDF-CBOR | 1024 bytes   | 1244 bytes

CBOR is 10-40% smaller than JSON depending on implementation.

Usage Examples

# Encrypt to TDF-JSON
OpenTDFKitCLI encrypt input.txt output.json json

# Decrypt TDF-JSON
OpenTDFKitCLI decrypt output.json recovered.txt json

# Encrypt to TDF-CBOR
OpenTDFKitCLI encrypt input.txt output.cbor cbor

# Verify any TDF format (auto-detected)
OpenTDFKitCLI verify output.cbor

🤖 Generated with Claude Code
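
Added example, not code from this PR or from OpenTDFKit: a content-first detector built around the CBOR self-describe tag (55799) named in the description. The type and function names, the ZIP and NanoTDF magic values, the extension table, and the policy of reporting a content/extension mismatch instead of trusting the extension are assumptions of this sketch.

```swift
import Foundation

enum TDFKind: String { case archive, nano, json, cbor }

enum Detection: Equatable {
    case match(TDFKind)
    case mismatch(content: TDFKind, ext: TDFKind)  // content wins; caller should log or reject
    case unknown
}

// CBOR head for a tag (major type 6) with a 16-bit number: 0xC0 | 25, then the value big-endian.
func cborTagHead16(_ tag: UInt16) -> [UInt8] {
    [0xC0 | 25, UInt8(tag >> 8), UInt8(tag & 0xFF)]
}

let magics: [(TDFKind, [UInt8])] = [
    (.cbor, cborTagHead16(55799)),         // encodes to D9 D9 F7
    (.archive, [0x50, 0x4B, 0x03, 0x04]),  // assumption: ZIP local file header
    (.nano, [0x4C, 0x31, 0x4C]),           // assumption: NanoTDF "L1L" prefix
]
let byExtension: [String: TDFKind] = ["json": .json, "cbor": .cbor]  // assumed mapping
let jsonWhitespace: Set<UInt8> = [0x20, 0x09, 0x0A, 0x0D]

func detectByContent(_ data: Data) -> TDFKind? {
    for (kind, magic) in magics where data.starts(with: magic) { return kind }
    // JSON has no magic bytes: skip leading whitespace and require an opening brace.
    let first = data.first { !jsonWhitespace.contains($0) }
    return first == 0x7B ? .json : nil
}

func detect(_ data: Data, fileName: String) -> Detection {
    // Unrecognised content stays unknown even when the extension looks right.
    guard let content = detectByContent(data) else { return .unknown }
    let ext = URL(fileURLWithPath: fileName).pathExtension.lowercased()
    if let claimed = byExtension[ext], claimed != content {
        return .mismatch(content: content, ext: claimed)
    }
    return .match(content)
}

// Constructed inputs: tag 55799 followed by an empty CBOR map, and a small JSON object.
let cborSample = Data([0xD9, 0xD9, 0xF7, 0xA0])
precondition(detect(cborSample, fileName: "a.cbor") == .match(.cbor))
precondition(detect(cborSample, fileName: "a.json") == .mismatch(content: .cbor, ext: .json))
precondition(detect(Data("  {\"k\":1}".utf8), fileName: "a.json") == .match(.json))
precondition(detect(Data([0xD9]), fileName: "a.cbor") == .unknown)  // truncated magic
```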

arkavo-com and others added 7 commits January 17, 2026 20:11

Implement TDF-JSON and TDF-CBOR inline payload formats per specifications:
- https://github.com/arkavo-org/specifications/blob/main/tdf-json/draft-00.md
- https://github.com/arkavo-org/specifications/blob/main/tdf-cbor/draft-00.md

TDF-JSON Format:
- TDFJSONFormat.swift: Envelope, manifest, and payload types
- TDFJSONContainer.swift: Container, builder, loader, decryptor
- Base64-encoded inline payloads for JSON transmission

TDF-CBOR Format:
- TDFCBORFormat.swift: Envelope with integer keys per spec section 3.1
- TDFCBORContainer.swift: Container, builder, loader, decryptor
- Binary payloads (no base64 encoding)
- SwiftCBOR dependency for CBOR serialization
- Self-describe CBOR tag (55799) magic bytes

Format Detection:
- TDFFormatDetector.swift: Auto-detect format from magic bytes
- Support for .archive, .nano, .json, .cbor format kinds

CLI Integration:
- Add json/cbor formats to CLIDataFormat enum
- Add encrypt/decrypt commands for both formats
- Update verify command to use TDFFormatDetector
- Add supports command for json/cbor features

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Switch from RSA-2048 OAEP to ECIES (ECDH + HKDF + AES-GCM) key wrapping
for TDF-JSON and TDF-CBOR formats by default.

Changes:
- TDFJSONContainer: Use wrapSymmetricKeyWithEC instead of wrapSymmetricKeyWithRSA
- TDFCBORContainer: Use wrapSymmetricKeyWithEC instead of wrapSymmetricKeyWithRSA
- Both now include ephemeralPublicKey in the key access object

Benefits:
- ~33% smaller key wrapping data (230 vs 344 base64 chars)
- 6-7% smaller total file size
- Modern elliptic curve cryptography
- Cross-SDK compatible with Rust implementation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Change ephemeral public key encoding from PEM (uncompressed, ~140 bytes)
to base64 SEC1 compressed format (44 bytes for P-256).

Savings:
- P-256: 65 bytes uncompressed → 33 bytes compressed (50% reduction)
- Total file size: ~100 bytes smaller per TDF

The unwrap function now supports both formats for backwards compatibility:
- Base64 SEC1 compressed (new default)
- PEM format (legacy)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…ings)

Update TDF-CBOR payload encoding to use integer keys and enum values
per spec section 1.5 for maximum size efficiency.

Changes:
- Add TDFCBORPayloadKey enum with integer key constants (1-6)
- Add TDFCBOREnums with payload type/protocol enum values
- Update toCBORData() to encode payload with integer keys and enums
- Update fromCBORData() to decode both integer (new) and string (legacy) formats

Payload encoding changes:
- Key 1 (type): 0=inline, 1=reference (was string "inline")
- Key 2 (protocol): 0=binary, 1=binary-chunked (was string "binary")
- Key 3 (mimeType): string (unchanged)
- Key 4 (isEncrypted): bool (unchanged)
- Key 6 (value): bstr (unchanged)

Size savings: ~52 bytes per TDF document from enum optimization.
Reading supports both formats for cross-SDK compatibility.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add deprecation notices to NanoTDF struct and createNanoTDFv12 function
- Add deprecation notice to NanoTDFCollectionBuilder
- Fix TDFCBORFormat.swift for native manifest encoding compatibility
- Add NanoTDF to TDF-CBOR migration guide at docs/NANOTDF_MIGRATION.md

The migration guide documents:
- Why TDF-CBOR is preferred (standard format, full manifest, assertions)
- Step-by-step migration from NanoTDF to TDF-CBOR API
- CLI migration examples
- Size comparison between formats

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix array bounds access in error message (KASRewrapClient.swift:706)
- Extract shared decryption logic to TDFCrypto.decryptCombinedPayload()
- Add assertions CBOR encoding/decoding support
- Fix swiftformat lint issues across all modified files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add explanatory comments to empty init() functions (builder pattern)
- Fix ternary operators returning same value on both branches
- Add missing encryptionTypeRemote enum value
- Simplify single-option enum selections (protocol=kas, algorithm=AES-256-GCM)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
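
Added example, not code from this PR or from OpenTDFKit: the ECIES key wrapping (ECDH + HKDF + AES-GCM) and the base64 SEC1 compressed ephemeral key with PEM fallback described in the commits above, written against CryptoKit. The function names, HKDF-SHA256, and the salt and info strings are assumptions of this sketch; `compressedRepresentation` needs macOS 13 / iOS 16 or later.

```swift
import CryptoKit
import Foundation

enum WrapError: Error { case badEphemeralKey, sealFailed }

// Salt and info are placeholders chosen for this example, not OpenTDFKit's values.
func deriveKEK(_ secret: SharedSecret) -> SymmetricKey {
    secret.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data("example-salt".utf8),
                                   sharedInfo: Data("example-key-wrap".utf8), outputByteCount: 32)
}

// Accept the 44-character base64 SEC1 compressed form (33 bytes) or legacy PEM.
func parseEphemeralKey(_ text: String) throws -> P256.KeyAgreement.PublicKey {
    if text.hasPrefix("-----BEGIN") {
        return try P256.KeyAgreement.PublicKey(pemRepresentation: text)
    }
    guard let raw = Data(base64Encoded: text), raw.count == 33,
          raw.first == 0x02 || raw.first == 0x03 else { throw WrapError.badEphemeralKey }
    // CryptoKit throws if the decoded point is not on the curve.
    return try P256.KeyAgreement.PublicKey(compressedRepresentation: raw)
}

// Fresh ephemeral key per wrap; returns (ephemeralPublicKey, nonce || ciphertext || tag).
func wrap(_ dek: SymmetricKey, for recipient: P256.KeyAgreement.PublicKey) throws -> (String, Data) {
    let ephemeral = P256.KeyAgreement.PrivateKey()
    let kek = deriveKEK(try ephemeral.sharedSecretFromKeyAgreement(with: recipient))
    let sealed = try AES.GCM.seal(dek.withUnsafeBytes { Data($0) }, using: kek)
    guard let combined = sealed.combined else { throw WrapError.sealFailed }
    return (ephemeral.publicKey.compressedRepresentation.base64EncodedString(), combined)
}

func unwrap(_ wrapped: Data, ephemeralKey: String,
            with recipient: P256.KeyAgreement.PrivateKey) throws -> SymmetricKey {
    let kek = deriveKEK(try recipient.sharedSecretFromKeyAgreement(with: parseEphemeralKey(ephemeralKey)))
    return SymmetricKey(data: try AES.GCM.open(AES.GCM.SealedBox(combined: wrapped), using: kek))
}

// Round trip with freshly generated (constructed) keys.
let recipient = P256.KeyAgreement.PrivateKey()
let dek = SymmetricKey(size: .bits256)
let (ephemeralKey, wrappedKey) = try wrap(dek, for: recipient.publicKey)
let recovered = try unwrap(wrappedKey, ephemeralKey: ephemeralKey, with: recipient)
precondition(ephemeralKey.count == 44 && recovered == dek)
// The legacy PEM encoding parses to the same key type.
let fromPEM = try parseEphemeralKey(P256.KeyAgreement.PrivateKey().publicKey.pemRepresentation)
precondition(fromPEM.compressedRepresentation.count == 33)
// A flipped ciphertext byte fails GCM authentication instead of yielding a wrong key.
var tampered = wrappedKey
tampered[tampered.count - 1] ^= 0x01
precondition((try? unwrap(tampered, ephemeralKey: ephemeralKey, with: recipient)) == nil)
```
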
@sonarqubecloud

Quality Gate failed

Failed conditions
8.2% Duplication on New Code (required ≤ 3%)

arkavo-com merged commit 5cb03a8 into main Jan 18, 2026
6 of 7 checks passed
arkavo-com deleted the feature/tdf-json-cbor-formats branch January 18, 2026 18:18