BrowserID Key Wrapping: Difference between revisions

→‎Crypto Preliminaries: technically, since we are MACing the ciphertext, we are doing encrypt-then-mac (as opposed to encrypt-and-mac which is MACing the plaintext)
Line 57: Line 57:
=== Crypto Preliminaries ===
=== Crypto Preliminaries ===


We don't ever do raw encryption. We perform encryption-and-MAC. We do this by encrypting the plaintext, then HMACing the ciphertext. The decryption process first checks the HMAC, and decrypts only if it is valid. In the following description, every time we talk about a single key, we really mean two keys: one for encryption, and one for HMACing. We use AES in CBC mode for encryption, and HMAC-SHA256 for MACs.
We don't ever do raw encryption. We perform encryption-then-MAC. We do this by encrypting the plaintext, then HMACing the ciphertext. The decryption process first checks the HMAC, and decrypts only if it is valid. In the following description, every time we talk about a single key, we really mean two keys: one for encryption, and one for HMACing. We use AES in CBC mode for encryption, and HMAC-SHA256 for MACs.


Wrapping a key means encrypting (and HMACing) a data structure that contains the key and some optional tags. We denote this
Wrapping a key means encrypting (and HMACing) a data structure that contains the key and some optional tags. We denote this
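Review bot: The revised sentence in the Crypto Preliminaries paragraph now reads "encryption-then-MAC", but the paragraph still says only "HMACing the ciphertext" and never states whether the CBC IV is part of the HMAC input. Since decryption "first checks the HMAC, and decrypts only if it is valid", the text should say explicitly that the MAC covers the IV together with the ciphertext, otherwise a reader cannot tell whether the IV is authenticated. As a style point, the edit summary uses the conventional name "encrypt-then-mac"; using "encrypt-then-MAC" in the body would match it.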