Confirm
282
edits
Changes
→Email+Password -> SignToken
== Email+Password -> SignToken ==
The current stub just submits plaintext email+password and receives back (accountTokensignToken, kA, wrap(kB)). It uses no key-stretching, nor SRP.
The full replacement uses key-stretching to transform the email+password into a "masterKey", then feeds this into an SRP protocol to get a session key. It uses this session key to decrypt a bundle of encrypted data from the keyserver, resulting in three values: kA, wrap(kB), and the signToken.
The client recomputes the MAC, compares it (throwing an error if it doesn't match), extracts the ciphertext, XORs it with the derived respXORkey, then splits it into the separate kA/wrap(kB)/signToken values.
== Signing Certificates ==
