| Line 30: | Line 30: | ||
We propose to modify the current implementation to address some of the stated concerns. Assuming that the crypto proxy lives in a prefix, say, <code>https://services.mozilla.com/crypto-proxy</code>; the following operations will be possible: | We propose to modify the current implementation to address some of the stated concerns. Assuming that the crypto proxy lives in a prefix, say, <code>https://services.mozilla.com/crypto-proxy</code>; the following operations will be possible: | ||
==== | ==== Fetch a user's unwrapped symkeys ==== | ||
<code>GET [prefix]/0.1/unwrap/[user]</code> | <code>GET [prefix]/0.1/unwrap/[user]/</code> | ||
The <code>X_WEAVE_PASSPHRASE</code> | The <code>X_WEAVE_PASSWORD</code>, and <code>X_WEAVE_PASSPHRASE</code> headers MUST be included in the request. The return value will be unwrapped symmetric keys for all of the user's collections. | ||
==== Fetch | |||
==== Fetch a user's unwrapped symkey for a specific collection ==== | |||
<code>GET [prefix]/0.1/unwrap/[user]/[collection]</code> | <code>GET [prefix]/0.1/unwrap/[user]/[collection]</code> | ||
The <code>X_WEAVE_PASSPHRASE</code> | The <code>X_WEAVE_PASSWORD</code>, and <code>X_WEAVE_PASSPHRASE</code> headers MUST be included in the request. The return value will be the unwrapped symmetric key for the given collection. | ||
==== Fetch plaintext WBO records ==== | ==== Fetch plaintext WBO records ==== | ||
<code>GET [prefix]/0.1/storage/[ | <code>GET [prefix]/0.1/storage/[storage-api-path]</code> | ||
Exactly one of the <code>X_WEAVE_PASSPHRASE</code> or <code>X_WEAVE_SYMKEY</code> headers MUST be included in the request. The return value will be the WBO, except that all ciphertext is replaced with their corresponding plaintext. | Exactly one of the <code>X_WEAVE_PASSPHRASE</code> or <code>X_WEAVE_SYMKEY</code> headers MUST be included in the request. The return value will be the WBO, except that all ciphertext is replaced with their corresponding plaintext. | ||
=== Discussion === | |||
The given proposal allows for two different levels of privacy enforcement on the client. The client may delegate all cryptographic operations to the server by providing <code>X_WEAVE_PASSPHRASE</code>, or unwrap a symmetric key for a particular collection and ask the server to decrypt only that collection by providing <code>X_WEAVE_SYMKEY</code>. | |||
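Review bot: The "Fetch plaintext WBO records" paragraph still requires only one of X_WEAVE_PASSPHRASE or X_WEAVE_SYMKEY, while both unwrap endpoints in this revision now also require X_WEAVE_PASSWORD. State whether the storage request must carry X_WEAVE_PASSWORD as well, or how the proxy authenticates to the storage API without it. In the new Discussion section, say whether the client unwraps the collection key locally or through the unwrap endpoint, because the unwrap endpoint as specified here receives X_WEAVE_PASSPHRASE, so the second privacy level only holds if the unwrap happens on the client. Minor: the trailing slash was added to unwrap/[user]/ but not to unwrap/[user]/[collection]; pick one form for both.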