Services/Sync/Developer/StorageFormat: Difference between revisions

← Older edit

Services/Sync/Developer/StorageFormat (view source)

Revision as of 00:40, 11 August 2011

138 bytes added , 11 August 2011

m

→‎Version 5

Rnewman

canmove, Confirmed users

640

edits

@@ Line 7: / Line 7: @@
 All records from the server come back as a JSON string that represent a JS-object with some attributes. The whole object is described by the [[Labs/Weave/API|Sync Server API]], but for a given client storage version, only a subset may be used.
-== Versions 2, 3, and 4  ==
+== Versions 2, 3, and 5  ==
 The following describes the JS-object represented by the JSON-string record:
@@ Line 15: / Line 15: @@
 ! id
 | string
-| Opaque identifying string for the record
+| Record identifier. Starting with version 5 this SHOULD be exactly 12 characters from the base64url alphabet.
 |-
 ! modified
@@ Line 84: / Line 84: @@
 Individual data engines, e.g., bookmarks, encrypt their [[Labs/Weave/Developer/BrowserObjects|Browser Objects]] payloads before packing it into the <tt>payload</tt> field of a Weave Basic Object. There is additional metadata about the encryption to help decrypt the BrowserObject payload.
-== Version 4 ==
+== Version 5 ==
-Version 4 is similar to Version 2 and 3, except '''encryption''' has been dropped and the HMAC is now calculated with a separate key which is no longer used in its base64 representation but in its raw byte form.
+Version 5 is similar to Version 2 and 3, except:
-The keys with which to verify and decrypt a WBO are now determined based on the collection name. If collection-specific keys do not exist, the default key bundle should be used.
+* the '''encryption''' field (which specifies the key to use) has been dropped; key selection is now implied by the WBO's collection
+* the HMAC is now calculated with a separate key, used in its raw byte form rather than in base64 encoding.
+The keys with which to verify and decrypt a WBO are now determined based on the collection name. If collection-specific keys do not exist, the default key bundle is used.
 {| cellpadding=5
@@ Line 110: / Line 113: @@
   "IV":"GluQHjEH65G0gPk/d/OGmg==",
   "hmac":"c550f20a784cab566f8b2223e546c3abbd52e2709e74e4e9902faad8611aa289"}</pre>
 == Version 3 ==
@@ Line 193: / Line 195: @@
 The payload of the <tt>meta/global</tt> record contains general metadata to describe data like versions and syncID.
-== Version 2, 3 and 4 ==
+== Version 2, 3 and 5 ==
 The following describes the JS-object represented by the JSON-string payload:
@@ Line 249: / Line 251: @@
 = Payload: crypto/keys =
-In storage Version 4, the public/private key layer has been dropped. All bulk keys are now stored in this one WBO. Encryption and HMAC keys are separate keys and kept in key pairs.
+In storage Version 5, the public/private key layer has been dropped. All bulk keys are now stored in this one WBO. Encryption and HMAC keys are separate keys and kept in key pairs.
 The '''keys''' WBO is encrypted and verified just like any other WBO, except a different key bundle is used. The key bundle for the '''keys''' WBO is derived from the Sync Key using an HKDF with HMAC-SHA256 as the HMAC function (see [http://tools.ietf.org/html/rfc5869 RFC 5869]):
@@ Line 262: / Line 264: @@
    sync_key = decodeBase32(sync_key_ui.replace('8', 'l').replace('9', 'o'))
-   sync_key_ui = encodeBase32(sync_key).replace('l', '8').replace('o', '8))
+   sync_key_ui = encodeBase32(sync_key).replace('l', '8').replace('o', '8)
-== Version 4 ==
+== Version 5 ==
 {| cellpadding=5