canmove, Confirmed users
725
edits
Services/Sync/Developer/StorageFormat: Difference between revisions
Jump to navigation
Jump to search
Services/Sync/Developer/StorageFormat (view source)
Revision as of 14:23, 23 July 2010
, 23 July 2010→Payload: crypto/
| Line 257: | Line 257: | ||
---- | ---- | ||
= Payload: crypto/ | = Payload: crypto/<engine> = | ||
This keyring contains the symmetric key used to encrypt/decrypt Encrypted Data Objects. | This keyring contains the symmetric key used to encrypt/decrypt Encrypted Data Objects. | ||
== Version | == Version 3 == | ||
Like Version 2, except the URLs in the '''keyring''' hash are now relative to the symmetric key's URL. | |||
{| cellpadding=5 | == Version 2 == | ||
! keyring | |||
| object | The following describes the JS-object represented by the JSON-string payload: | ||
| A hash with fields of key urls used to decrypt the field's value of an object containing the wrapped symmetric key | |||
{| cellpadding="5" | |||
|- | |||
! keyring | |||
| object | |||
| A hash with fields of key urls used to decrypt the field's value of an object containing the wrapped symmetric key | |||
|} | |} | ||
The following describes the JS-object for <tt>keyring</tt>: | The following describes the JS-object for <tt>keyring</tt>: | ||
{| cellpadding=5 | {| cellpadding="5" | ||
! wrapped | |- | ||
| string | ! wrapped | ||
| string | |||
| The encrypted symmetric key that is decrypted using the key located at the url that indexed to this entry | | The encrypted symmetric key that is decrypted using the key located at the url that indexed to this entry | ||
|- | |- | ||
! hmac | ! hmac | ||
| string | | string | ||
| SHA256 HMAC of <tt>wrapped</tt> and the key derived from the decrypted base64 private key string that would be used to decrypt the <tt>wrapped</tt> key | | SHA256 HMAC of <tt>wrapped</tt> and the key derived from the decrypted base64 private key string that would be used to decrypt the <tt>wrapped</tt> key | ||
|} | |} | ||
== Changes from v1 - | == Changes from v1 -> v2 == | ||
There is only one field, <tt>keyring</tt>, in the <tt>payload</tt> now that <tt>bulkIV</tt> is removed. | There is only one field, <tt>keyring</tt>, in the <tt>payload</tt> now that <tt>bulkIV</tt> is removed. | ||
The <tt>keyring</tt> object still has field entries of the key to decrypt the wrapped symmetric key, but instead of the wrapped key being the value of the field, it is now an object with two fields: <tt>wrapped</tt> and <tt>hmac</tt>. The wrapped symmetric key from v1 is now the value of <tt>wrapped</tt>. The <tt>hmac</tt> can be used to verify that the wrapped key has not been tampered with. | The <tt>keyring</tt> object still has field entries of the key to decrypt the wrapped symmetric key, but instead of the wrapped key being the value of the field, it is now an object with two fields: <tt>wrapped</tt> and <tt>hmac</tt>. The wrapped symmetric key from v1 is now the value of <tt>wrapped</tt>. The <tt>hmac</tt> can be used to verify that the wrapped key has not been tampered with. | ||
== Version 1 == | == Version 1 == | ||
The following describes the JS-object represented by the JSON-string payload: | The following describes the JS-object represented by the JSON-string payload: | ||
{| cellpadding=5 | {| cellpadding="5" | ||
! bulkIV | |- | ||
| string | ! bulkIV | ||
| string | |||
| Initialization vector used to encrypt/decrypt all data for the corresponding engine | | Initialization vector used to encrypt/decrypt all data for the corresponding engine | ||
|- | |- | ||
! keyring | ! keyring | ||
| object | | object | ||
| A hash with fields of key urls used to decrypt the field's value of a wrapped symmetric key | | A hash with fields of key urls used to decrypt the field's value of a wrapped symmetric key | ||
|} | |} | ||