Identity/AttachedServices/KeyServerProtocol: Difference between revisions

Jump to navigation Jump to search

Identity/AttachedServices/KeyServerProtocol (view source)

Revision as of 06:16, 1 August 2013

3 bytes added ,  1 August 2013
m
→‎Obtaining keys kA and kB
Line 200: Line 200:
[[File:PICL-IdPAuth-keys-client.png|keyFetchToken: client decrypts keys]]
[[File:PICL-IdPAuth-keys-client.png|keyFetchToken: client decrypts keys]]


Finally, the server-provided wrap(kB) value is simply XORed with the password-derived wrapKey (both are 32-byte strings) to obtain kB. There is no MAC on wrap(kB).
Finally, the server-provided wrap(kB) value is simply XORed with the password-derived unwrapBKey (both are 32-byte strings) to obtain kB. There is no MAC on wrap(kB).


[[File:PICL-IdPAuth-key-unwrap.png|unwrapping kB]]
[[File:PICL-IdPAuth-key-unwrap.png|unwrapping kB]]
Warner
Confirmed users
471

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/688149"

Navigation menu