MozillaWiki

Services/KeyExchange: Difference between revisions

Page Discussion

Services/KeyExchange (view source)

Revision as of 22:43, 8 December 2010

90 bytes added ,  8 December 2010
→‎Overview
Line 42: Line 42:
   <li>The encryption and HMAC keys are derived from that 256 bit key using HMAC-SHA256.</li>
   <li>The encryption and HMAC keys are derived from that 256 bit key using HMAC-SHA256.</li>
   <li>In third round trip:
   <li>In third round trip:
<ul><li>Mobile hashes the key using SHA256d (=hash twice with SHA256) and uploads it.</li>
<ul><li>Mobile encrypts the known message "0123456789ABCDEF" with the key, hashes the resulting ciphertext with HMAC-SHA256, and uploads it.</li>
<li>Desktop verifies it against its key, encrypts the credentials with the encryption key and uploads the encrypted credentials in turn, adding a HMAC-SHA256 hash of the ciphertext (using the HMAC key).</li>
<li>Desktop verifies that against the known message encrypted with its key, encrypts the credentials with the encryption key and uploads the encrypted credentials in turn, adding a HMAC-SHA256 hash of the ciphertext (using the HMAC key).</li>
<li>Mobile verifies whether Desktop had the right key by checking the ciphertext against the HMAC-SHA256 hash.</li>
<li>Mobile verifies whether Desktop had the right key by checking the ciphertext against the HMAC-SHA256 hash.</li>
<li>If that verification is successful, Mobile decrypts ciphertext and applies credentials</li>
<li>If that verification is successful, Mobile decrypts ciphertext and applies credentials</li>
Philikon
canmove, Confirmed users
725

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/272790"