Confirm
471
edits
Changes
→Decrypting the getToken2 Response
The SRP session key ("srpK") is used to derive two other keys: respHMACkey and respXORkey.
[[File:PICL-IdPAuth-decryptSignToken1encrypt-session.png|Decrypting the signToken 1sessionToken and keyFetchToken]]
The respXORkey is used to encrypt the concatenated kA/wrap(kB)/token string, by simply XORing the two. This ciphertext is then protected by a MAC, using HMAC-SHA256, keyed by respHMACkey. The MAC is appended to the ciphertext, and the whole bundle is returned to the client.
[[File:PICL-IdPAuth-decryptSignToken2keys-server.png|Decrypting the signToken 2keyFetchToken: server encrypts keys]] [[File:PICL-IdPAuth-keys-client.png|keyFetchToken: client decrypts keys]]
The client recomputes the MAC, compares it (throwing an error if it doesn't match), extracts the ciphertext, XORs it with the derived respXORkey, then splits it into the separate kA/wrap(kB)/token values.
