Changes

Jump to: navigation, search

Identity/AttachedServices/KeyServerProtocol

79 bytes added, 18:47, 7 August 2013
m
Obtaining keys kA and kB
"kA" and "kB" enable the browser to encrypt/decrypt synchronized data records. They will be used to derive separate encryption and HMAC keys for each data collection (bookmarks, form-fill data, saved-password, open-tabs, etc). This will allow the user to share some data, but not everything, with a third party. The client may intentionally forget kA and kB (only retaining the derived keys) to reduce the power available to someone who steals their device.
Note that /account/keys will not succeed until the account's email address has been verified. Also note that each keyFetchToken is single-use and short-lived. The token is consumed even if the request fails (e.g. the MAC does not match).
= Signing Certificates =
Confirm
471
edits

Navigation menu