Changes

CloudServices/Sagrada/TokenServer

791 bytes added, 00:07, 12 January 2012
'''The metadata token is encrypted'''
== Shared Secrets File ==
Each Service Node has a unique Master Secret (one per Node it serves) that it shares with the Login Server. A Master Secret is a timestamp rounded to the second, followed by a colon and a pseudo-random hex string of 256 characters from [a-f0-9].
Example of generating such a string (Python 2 session; the imports were missing from the original snippet):
 >>> import binascii, os, time
 >>> print '%d:%s' % (int(time.time()), binascii.b2a_hex(os.urandom(256))[:256])
 1326322983:646dc48...4ad86dca82d
 
(XXX crypto review required, not sure if this is the best/correct way to use HKDF for this purpose)
 
The Master Secret is used to derive keys for various cryptographic routines. At startup time, the Login Server and Node should pre-calculate and cache the signing key and encryption key as follows:
 
* sig-secret: HKDF(master-secret, salt=None, info="SIGNING", size=digest-length)
* enc-secret: HKDF(master-secret, salt=None, info="ENCRYPTION", size=aes-key-length)
 
By using no salt (or a fixed salt), these two secrets depend only on the Master Secret, so they can be calculated once at startup and reused for every request.
 
When issuing or checking an Auth Token, the corresponding Token Secret is calculated as:
 
* token-secret: HKDF(master-secret, salt=token-salt, info=auth-token, size=digest-length)
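
The master-secret format and the three HKDF derivations above, as an added Python 3 example that is not from the original page or the Sagrada project. HKDF is RFC 5869 with HMAC-SHA256 (the page does not name the hash); a 32-byte AES key, the token salt, and HMAC-signing the auth token with its token secret are assumptions.

```python
# Added example, not the wiki page's own code. HKDF per RFC 5869 over
# HMAC-SHA256; hash choice, AES key length, token salt and the HMAC
# token signature are assumptions for illustration.
import binascii
import hashlib
import hmac
import os
import time

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size   # 32 bytes
AES_KEY_LEN = 32                  # assumed: AES-256 key


def new_master_secret(now=None):
    """Timestamp rounded to the second, a colon, 256 hex chars."""
    ts = int(time.time() if now is None else now)
    # 128 random bytes hexlify to exactly 256 chars from [a-f0-9]
    return '%d:%s' % (ts, binascii.hexlify(os.urandom(128)).decode('ascii'))


def hkdf(ikm, salt, info, length):
    """HKDF-Extract then HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    if salt is None:
        salt = b'\x00' * DIGEST_LEN   # "no salt" means an all-zero salt
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block = b'', b''
    for counter in range(1, -(-length // DIGEST_LEN) + 1):   # ceil(L/hashlen)
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def derive_static_keys(master_secret):
    """sig-secret and enc-secret: no salt, so computed once and cached."""
    ms = master_secret.encode('ascii')
    return (hkdf(ms, None, b'SIGNING', DIGEST_LEN),
            hkdf(ms, None, b'ENCRYPTION', AES_KEY_LEN))


def token_secret(master_secret, token_salt, auth_token):
    """token-secret: salted with the token's own salt, info = the token."""
    return hkdf(master_secret.encode('ascii'), token_salt, auth_token, DIGEST_LEN)


def sign_token(master_secret, token_salt, auth_token):
    """Assumed use of the token secret: HMAC tag over the auth token."""
    return hmac.new(token_secret(master_secret, token_salt, auth_token),
                    auth_token, HASH).hexdigest()


def check_token(master_secret, token_salt, auth_token, signature):
    """Constant-time comparison so the check does not leak the tag."""
    return hmac.compare_digest(sign_token(master_secret, token_salt, auth_token),
                               signature)
```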
 
 
=== Shared Secrets File ===
Ops create the secrets for each Node and maintain, for each cluster, a file containing all of that cluster's secrets. The file is deployed on the Login Server and on each Service Node. The Login Server has the files of all clusters.