Line 65: | Line 65: | ||
=== Bulk keys === | === Bulk keys === | ||
The server stores one or more bulk keys: one default | The server stores one or more bulk keys: one default, and an optional set of keys associated with specific collections. This will allow rudimentary sharing scenarios (provide your bookmarks collection key to a web app, and your passwords remain secure). A default key is simpler than having per-engine/collection keys without an obvious need. | ||
TODO: note storage location. Bear in mind that the storage location changed between v4 and v5. | |||
Bulk keys are encrypted and HMACed using the sync key outputs, and cached on the client. (Current caching is per-session, but they're stored as identities to make persistence easier to implement.) | Bulk keys are encrypted and HMACed using the sync key outputs, and cached on the client. (Current caching is per-session, but they're stored as identities to make persistence easier to implement.) | ||
The timestamp on the collections record allows clients to invalidate their key cache when a new key is associated with a collection: the ' | The timestamp on the collections record allows clients to invalidate their key cache when a new key is associated with a collection: the 'crypto' collection will appear to have changed. | ||
=== HMAC === | === HMAC === |
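Review bot: The row that drops "TODO: note storage location" removes the only reminder that the Bulk keys section never says where on the server the keys are stored, and nothing in the new text replaces it. The rewritten timestamp sentence implies the 'crypto' collection, but only in passing; suggest stating the storage location explicitly in the first paragraph and keeping the caveat that it changed between v4 and v5. Separately, the new sharing sentence ("your passwords remain secure") holds only when the shared collection has its own key rather than the default one, which is worth saying in that sentence.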