133
edits
Firefox OS/Remote Control: Difference between revisions
Jump to navigation
Jump to search
→Architecture Designs: Add steps of key exchange
(→Architecture Designs: Add block diagram description) |
(→Architecture Designs: Add steps of key exchange) |
||
| Line 23: | Line 23: | ||
# PIN code pairing (optional, by user settings) | # PIN code pairing (optional, by user settings) | ||
# Control event processing | # Control event processing | ||
=== Establish secure connection === | |||
Remote control is designed to protect data transmitted between client and server, for example: user input string may contains privacy data. Client is forced to exchange symmetric key (AES-GCM) with server in the first time. After key exchange, server uses UUID in cookie to identify client and key to decrypt messages. Following describes how keys are exchanged: | |||
# User opens the URL | |||
# Client requests page without valid UUID. | |||
# Server response secure.html as requested page for key exchange. | |||
# Client acquire RSA public key from secure.sjs. | |||
# Secure.sjs replies RSA public key SPKI in base64. | |||
# Client import RSA public key and wrap symmetric key. | |||
# Client sends wrapped symmetric key to secure.sjs in base64. | |||
# Secure.sjs replies with a ticket number. | |||
# Secure.sjs unwraps symmetric key with RSA private key. | |||
# Secure.sjs saves symmetric key. | |||
# Remote Control Service generates a new UUID, encrypted with symmetric key and binds encrypted UUID with ticket number. | |||
# Client polls encrypted UUID from secure.sjs. | |||
# Client decrypt received UUID to double confirm server receives correct symmetric key. | |||
# Client reloads the URL with UUID. | |||
=== PIN code pairing === | |||
=== Control event processing === | |||