Confirmed users
471
edits
Identity/AttachedServices/KeyServerProtocol: Difference between revisions
Identity/AttachedServices/KeyServerProtocol (view source)
Revision as of 06:16, 1 August 2013
, 1 August 2013→Obtaining keys kA and kB
m (→Test Vectors) |
|||
| Line 201: | Line 201: | ||
Finally, the server-provided wrap(kB) value is simply XORed with the password-derived wrapKey (both are 32-byte strings) to obtain kB. There is no MAC on wrap(kB). | Finally, the server-provided wrap(kB) value is simply XORed with the password-derived wrapKey (both are 32-byte strings) to obtain kB. There is no MAC on wrap(kB). | ||
[[File:PICL-IdPAuth-key-unwrap.png|unwrapping kB]] | |||
"kA" and "kB" enable the browser to encrypt/decrypt synchronized data records. They will be used to derive separate encryption and HMAC keys for each data collection (bookmarks, form-fill data, saved-password, open-tabs, etc). This will allow the user to share some data, but not everything, with a third party. The client may intentionally forget kA and kB (only retaining the derived keys) to reduce the power available to someone who steals their device. | "kA" and "kB" enable the browser to encrypt/decrypt synchronized data records. They will be used to derive separate encryption and HMAC keys for each data collection (bookmarks, form-fill data, saved-password, open-tabs, etc). This will allow the user to share some data, but not everything, with a third party. The client may intentionally forget kA and kB (only retaining the derived keys) to reduce the power available to someone who steals their device. | ||