Services/KeyExchange: Difference between revisions

Jump to navigation Jump to search

Services/KeyExchange (view source)

Revision as of 20:55, 1 November 2010

232 bytes added ,  1 November 2010
→‎Overview
Line 40: Line 40:
   <li>Mobile and Desktop complete the two roundtrips of JPAKE messages to agree upon a secret key.</li>
   <li>Mobile and Desktop complete the two roundtrips of JPAKE messages to agree upon a secret key.</li>
   <li>The secret key is the sha256 hash of the K number, as returned by python-jpake.</li>
   <li>The secret key is the sha256 hash of the K number, as returned by python-jpake.</li>
   <li>In third round trip, Mobile hashes the key using SHA256d (=hash twice with SHA256) and uploads it. Desktop verifies it against its key and uploads the encrypted credentials in turn, adding a SHA256-HMAC hash of the ciphertext. Mobile verifies whether Desktop had the right key by checking the ciphertext against the SHA256-HMAC hash.</li>
  <li>The encryption key is <code>SHA256("encrypt:" + key)</code>, the HMAC key is <code>SHA256("hmac:" + key)</code> </li>
   <li>In third round trip:
<ul><li>Mobile hashes the key using SHA256d (=hash twice with SHA256) and uploads it.</li>
<li>Desktop verifies it against its key, encrypts the credentials with the encryption key and uploads the encrypted credentials in turn, adding a SHA256-HMAC hash of the ciphertext (using the HMAC key).</li>
<li>Mobile verifies whether Desktop had the right key by checking the ciphertext against the SHA256-HMAC hash.</li>
</ul></li>
</ul>
</ul>


Philikon
canmove, Confirmed users
725

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/264850"

Navigation menu