Appendix A. Characters in CORE Names
CORE CORE allows using a subset of the ASCII printable characters (character code 32-127), including the following:
- Digits (0 - 9) and letters (A - Z, a - z).
- A subset of special characters that are neither letters nor digits.
Note
Using the extended character codes (128-255), such as various currency signs (e.g. €, £, ¥), is not allowed.
In addition, UTF-8 encoded characters may be used in the following CORE entity names:
- Partitions
- Roles
- Groups
Special Characters in UCL
UCL
Unbound Command Language commands are executed by the CLICommand Line Interface shell of the hosting OS. Characters that have special meaning in the CLICommand Line Interface shell must be escaped using the shell-specific escape character.
For example, is a common practice to use "!","$", and "%" in user passwords. However, "!" followed by a character triggers bash history function. It is OK to use Password1! because "!" is the last character in the string, but to use Password1!!! you have two options:
- Escape all "!" except the last one:
Password1\!\!! - Escape the complete string:
'Password1!!!'
Case Sensitivity in CORE Entity Names
- Names of the following CORE entities are case-sensitive:
- Keys
- Certificates
- Secrets
- Names of the following CORE entities are case-insensitive:
- Hostnames
- Partitions
- Clients
- Users
- Roles
- Groups
- Keystore names
Hostname Special Characters
The only permitted special character is dash (-).
Keystore Name Characters
Keystore name:
- Must include at least one letter or character.
- Must contain less than 256 characters.
- Must not include space.
- The only permitted special characters are:
- Underscore (
_) - Dash (
-) - Dot (
.)
- Underscore (
Keyname Permitted Characters
- Names of keys that are located in external keystores must comply with the external keystore requirements.
- A name of key, secret, or certificate that is located in CORE only can contain any ASCII printable character.
- Name with the following special characters is presented "as is" (using printable characters):
- Ampersand (
@) - Dash (
-) - Dot (
.) - Space, if the name is escaped by a pair of 'single quotes'.
- Ampersand (
- Name with any other special character is presented using the ASCII encoding of all characters in the name, prefixed with "
0x". ". For example, a key named "a_b" is presented using the three characters' hexadecimal encoding "0x615f62"..
However, for compatibility with certain PKCSPublic-Key Cryptography Standards - Industry-standard cryptography specifications.#11 implementations, UCLUnbound Command Language presents the name of a key that has special characters as follows:
Note
CORE UI presents all characters as-is.
Key-group Name Characters
Key-group names are:
- Trimmed from leading and trailing spaces.
- Can't contain the space character.
Client Name Characters
Client name may contain
- Letters 'a' through 'z' (case-insensitive)
- Digits '0' through '9'
- Dash (
-) - Underscore (
_)
Username Characters
A user name can contain any ASCII printable character except for the following:
- Space or question mark
( ), (?) - Forward or backward slash
(/), (\) - Left-square or right-square bracket
([), (]) - Left-angle or right-angle bracket
(<), (>) - Colon or semicolon
(:), (;) - Equal or plus sign
(=), (+) - Asterisk, double-quote, or ampersand
(*), ("), (@) - Delete
Password Characters
User passwords may contain any ASCII printable characters (character code 32-127) except SPACE and DELETE characters.
All special characters are permitted, however, only these ones are counted as mandatory special characters:
@ # $ % ^ & + = !
Note
It is a common practice to use "!", "$", and "%" in user passwords. Yet, these characters may have special meaning in the OS shell that executes the CORE CLICommand Line Interface commands. To use passwords as script variables, enclose them in single quotes: --password '<Password>', escape using backslash Password1\!\!, or use any other method specified by the OS shell.
REST URI Characters
Special characters provided in the HTTP headers of the CORE RESTRepresentational State Transfer (REST) - an architectural style that defines a set of constraints and properties based on HTTP. Web Services that conform to the REST architectural style, or RESTful web services, provide interoperability between computer systems on the Internet. calls must comply with the URI Percent-encoding requirements.
For example:
- Base AuthenticationProcess used to achieve sufficient confidence in the binding between the Entity and the presented Identity. of the caller (
UserName@PartitionName:Password) is combined from the following components:- User name
- Partition name
- User password in the partition
Any special characters in these elements must be encoded using percent-encoding.
- URI parameters specified by the call (following the ? separator) must comply with these requirements.
Note
In particular, character % must be replaced with its URI encoding %25.
CSR Distinguished Name Special Characters
CSRCertificate Signing Request - a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate Distinguished Name (DNAME) includes the following components:
- CN: CommonName
- OU: OrganizationalUnit
- O: Organization
- L: Locality
- S: StateOrProvinceName
- C: CountryName
A DNAME is a string of these component-value pairs separated by a comma. For example:
"CN=Provider, OU=Support&Sales, O=AB&C Ltd., L=St. Louis, ST=Missouri, C=US"
Note that
- Components are separated by the comma (,) character.
- Spaces, dots, and other characters (&) can be used in the value part of each component.
Note
Because the comma and double-quote characters are used as the separators, their use in the value part has to be escaped. For example, O=AB&C, Ltd. must be encoded as O=AB&C\, Ltd.
The following characters in the value part of the component-value pair must be escaped using the backward slash (\):
- Comma
(,) - Backward slash
(\) - Left-angle or right-angle bracket
(<), (>) - Semicolon
(;) - Equal or plus sign
(=), (+) - Double-quote
(")