Services/KeyExchange: Difference between revisions

Jump to navigation Jump to search

Services/KeyExchange (view source)

Revision as of 22:48, 8 December 2010

76 bytes removed ,  8 December 2010
→‎Overview
Line 42: Line 42:
   <li>The encryption and HMAC keys are derived from that 256 bit key using HMAC-SHA256.</li>
   <li>The encryption and HMAC keys are derived from that 256 bit key using HMAC-SHA256.</li>
   <li>In third round trip:
   <li>In third round trip:
<ul><li>Mobile encrypts the known message "0123456789ABCDEF" with the key, hashes the resulting ciphertext with HMAC-SHA256, and uploads it.</li>
<ul><li>Mobile encrypts the known message "0123456789ABCDEF" with the AES key and uploads it.</li>
<li>Desktop verifies that against the known message encrypted with its key, encrypts the credentials with the encryption key and uploads the encrypted credentials in turn, adding a HMAC-SHA256 hash of the ciphertext (using the HMAC key).</li>
<li>Desktop verifies that against the known message encrypted with its own key, encrypts the credentials with the encryption key and uploads the encrypted credentials in turn, adding a HMAC-SHA256 hash of the ciphertext (using the HMAC key).</li>
<li>Mobile verifies whether Desktop had the right key by checking the ciphertext against the HMAC-SHA256 hash.</li>
<li>Mobile verifies whether Desktop had the right key by checking the ciphertext against the HMAC-SHA256 hash.</li>
<li>If that verification is successful, Mobile decrypts ciphertext and applies credentials</li>
<li>If that verification is successful, Mobile decrypts ciphertext and applies credentials</li>
Line 66: Line 66:
                                 |<----- upload Desktop's message 2
                                 |<----- upload Desktop's message 2
retrieve Desktop's message 2 <---|
retrieve Desktop's message 2 <---|
compute key                      |             encrypt known value
compute key                      |
encrypt known value ------------>|
encrypt known value ------------>|
                                 |-------> retrieve encrypted value
                                 |-------> retrieve encrypted value
                                 |verify against local value & HMAC
                                 | verify against local known value
                                 |              encrypt credentials
                                 |              encrypt credentials
                                 |<------------- upload credentials
                                 |<------------- upload credentials
Philikon
canmove, Confirmed users
725

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/272794"

Navigation menu