ANTRequest's ANTzip Specification (Version 0.0.1)

this Standard Depends on FaviDiD and PlanetSpec.

ANT.zip and ANT.enx (ENcrypted eXchange) are a signed format and an encrypted format respectively. they are used throughout the Favispecs which defines all sorts of use cases.

Table Of Contents

Table Of Contents

Status of this document

this document written on Mon Mar 09 2026 is Semantic version 0.0.1. this document is self-published independently.

This Specification uses external references

• The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
• PNG (Wikipedia)
• ZIP (Wikipedia)
• DEFLATE (Wikipedia)
• JSON (Wikipedia)

ANT.zip

The Zipfile Structure

to be a valid ANT.zip, the file MUST

• Be a valid Zip Archive.
• Use the DEFLATE algorithm.
• Have a file called ANT.json in the ziproot.
• Have a file called ANT.sig in the ziproot.

The ANT.json Structure

to be a valid ANT.json, the file MUST

• The Root Object MUST have a did key set to the author's FaviDiD.
• The Root Object MUST have a Compat Object at the compat key.
• The Root Object MUST have a key called fileIntegrity with an array of fileIntegrity objects.

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "ANT.zip Configuration",
  "type": "object",
  "required": [
    "specVersion",
    "did",
    "fileIntegrity"
  ],
  "properties": {
    "did": {
      "type": "string",
      "pattern": "^did:favidid:ed25519:[1-9A-HJ-NP-Za-km-z]+$",
      "description": "the signer's did"
    },
    "specVersion": {
      "type": "string",
      "pattern": "^0\\.0\\.1$",
      "description": "the specification version. MUST be matched against the specification for disambiguation. in this schema it MUST be {\"0.0.1\"}. SHOULD be matched to disambiguate specifics of a ANT.zip spec",
      "$comment": "in terms of regex it must be {\"^\\d+\\.\\d+\\.\\d+$\"}"
    },
    "fileIntegrity": {
      "type": "array",
      "description": "MUST be an array of {{fileIntegrity}} objects",
      "items": {
        "$ref": "#/definitions/fileIntegrity"
      }
    }
  },
  "definitions": {
    "fileIntegrity": {
      "type": "object",
      "description": "a layer",
      "required": [
        "path",
        "integrity"
      ],
      "properties": {
        "path": {
          "type": "string",
          "description": "the File's path relative to {\"ANT.json\"}, MUST start with {\"/\"}. MUST be Normalized."
        },
        "integrity": {
          "type": "string",
          "pattern": "^(?:SHA(?:256|512)|BLAKE3)-[1-9A-HJ-NP-Za-km-z]+$",
          "description": "the algorithm and a base58 (bitcoin alphabet) hash of that hash function"
        },
        "mimetype": {
          "type": "string",
          "pattern": "^[a-z]+/[a-z\\-]+(?:\\+[a-z]+)?$",
          "description": "the File's media type"
        }
      }
    }
  }
}

The Root Object

The fileIntegrity Object

Signing it

to sign an ANT.zip sign the ANT.json with the user's Private-Key and put it in ANT.sig

PathSanitization

While the Full Path Sanitization is implementation-defined, implementations MUST make sure the path follows these rules.

• File names and directory names MUST NOT contain any of the following characters:
  • \
  • /
  • :
  • *
  • ?
  • "
  • <
  • >
  • |
  These characters are forbidden on Windows; restricting them ensures maximum cross-platform interoperability.
• Paths MUST use / as the path separator.
• Paths MUST NOT contain upward directory indicators (..) or current directory indicators (.).
• Paths MUST NOT reference any files located outside the ZIPRoot.

Application Behavior

Implementations MUST handle errors gracefully to maintain user data integrity. If a required file is missing, the application SHOULD NOT crash, but rather notify the user. If the ANT.json file is invalid or corrupted, the application MUST alert the user and refuse to load the data. Sanitization of file paths is REQUIRED to prevent path traversal vulnerabilities.

other than that programs SHOULD attempt to do the following when a spec Violation Occurs:

A Path references a file outside the ZIPRoot.

A Path references a no file nor directory.

Alert the user and refuse to load the data.

A Path contains an upward directory indicators (..) or current directory indicators (.).

Traverse the path. if it is within the ZIPRoot the implementation SHOULD NOT load that path. if the implementation does not want to do that or the path references a file outside the ZIPRoot they MAY alert the user and refuse to load the data, as the upward directory indicators (..) and current directory indicators (.) are technically spec violations.

A Path contains Invalid Characters

Alert the user and refuse to load the data.

A Path's file does not match the integrity claimed in the ANT.json.

The ANT.json doesnt verify with the ANT.sig.

A path's File is missing.

A JSON schema Required property is missing or otherwise violates the schema

mark the entire ANT.zip as Untrusted

when an ANT.zip is marked as Untrusted, a Program MUST notify the user of the Untrusted status, a Program SHOULD be specific about what error was violated.

ANT.enx

Encrypt_ANT_Zip (ANTZip, Public-Key-Recipient)

to create an ANT.enx from an ANT.zip (ANTZip), MUST follow these steps.

• Validate ANTZip using the Requirements above Or Throw.
• Set $XKeyPublic to converting the raw bytes of Public-Key-Recipient interpreted as Ed25519 to X25519.
• Set $ANTZip to a newly created ANT.zip archive.
• Set $ANTZip-Encrypted to the result of encrypting ANTZip using XChaCha20-Poly1305 and $XKeyPublic as public key.
• Add $ANTZip-Encrypted to $ANTZip as "/ANT.enx".
• Set $ANTZip's file extension to "enx".
• Sign $ANTZip.
• Return $ANTZip.