Identity/AttachedServices/KeyServerProtocol: Difference between revisions

(→‎PiCL Key Server / IdP Protocol: link to the key-stretching-costs app)
Line 347: Line 347:
* kB: the master key for data stored as "class-B", a 32-byte binary string.
* kB: the master key for data stored as "class-B", a 32-byte binary string.
* wrap(kB): an encrypted copy of kB. The keyserver stores wrap(kB) and never sees kB itself. The client (browser) uses a key derived from the user's password to decrypt wrap(kB), obtaining the real kB.
* wrap(kB): an encrypted copy of kB. The keyserver stores wrap(kB) and never sees kB itself. The client (browser) uses a key derived from the user's password to decrypt wrap(kB), obtaining the real kB.
* sessionToken: a long-lived per-device token which allows the device to obtained signed BrowserID certificates for the account's identity (GUID@picl-something.org). This token remains valid until the user revokes it (either by changing their password, or triggering some kind of "revoke a specific device" or "revoke all devices" function).


= Test Vectors =
= Test Vectors =
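Review bot: The added sessionToken bullet has a grammar slip, "allows the device to obtained signed BrowserID certificates", which should read "to obtain". The same bullet describes revocation as "some kind of" function; because the token is long-lived and stays valid until revoked, the text should name the revocation triggers the protocol actually defines instead of leaving them open. The edit summary mentions a link to the key-stretching-costs app, which does not appear in this hunk.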