Services/Sync/Developer/StorageFormat: Difference between revisions

Services/Sync/Developer/StorageFormat (view source)

Revision as of 01:58, 5 December 2010

441 bytes added , 5 December 2010

→‎Payload: Encrypted Data Object

Philikon

canmove, Confirmed users

725

edits

@@ Line 86: / Line 86: @@
 == Version 4 ==
-Like Version 2 and 3, except '''encryption''' has been dropped. The keys with which to verify and decrypt a WBO are now determined based on the collection name. If collection-specific keys do not exist, the default key bundle should be used.
+Version 4 is similar to Version 2 and 3, except '''encryption''' has been dropped and the HMAC is now calculated with a separate key which is no longer used in its base64 representation but in its raw byte form.
+The keys with which to verify and decrypt a WBO are now determined based on the collection name. If collection-specific keys do not exist, the default key bundle should be used.
+{| cellpadding=5
+! ciphertext
+| string
+| Encrypted JSON-stringified Browser Object
+|-
+! IV
+| string
+| Initialization vector used when decrypting the <tt>ciphertext</tt>
+|-
+! hmac
+| string
+| SHA256 HMAC in hex representation, computed on the base64 encoded version of the ciphertext, using the byte-representation of the HMAC key from the same bundle as the encryption key.
+|}
 === Example ===
@@ Line 125: / Line 142: @@
 ! hmac
 | string
-| SHA256 HMAC computed on the base64 encoded version of the ciphertext, using a base64 encoded version of the key used to encrypt the ciphertext in the first place as the key to the hmac algorithm.  In addition, the hmac is stored in the weave object in HEX format, not base64 like everything else.
+| SHA256 HMAC in hex format, computed on the base64 encoded version of the ciphertext, using a base64 encoded version of the key used to encrypt the ciphertext in the first place as the key to the hmac algorithm.
 |}