gnunet-svn
[taler-docs] branch master updated: document security question key share


From: gnunet
Subject: [taler-docs] branch master updated: document security question key share encryption
Date: Mon, 29 Mar 2021 12:36:43 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new 77065e3  document security question key share encryption
77065e3 is described below

commit 77065e31d20b680ebd7e922e4b2a1b8769b385e7
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Mon Mar 29 12:36:41 2021 +0200

    document security question key share encryption
---
 anastasis.rst | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/anastasis.rst b/anastasis.rst
index 4f50b27..0499ab8 100644
--- a/anastasis.rst
+++ b/anastasis.rst
@@ -226,7 +226,7 @@ key material using an HKDF over a nonce and the kdf_id.
 **prekey**: Original key material.
 
 **nonce**: 32-byte nonce, must never match "ver" (which it cannot as the 
length is different). Of course, we must
-avoid key reuse. So, we have to use different nonces to get different keys and 
ivs (see below).
+avoid key reuse. So, we have to use different nonces to get different keys and 
IVs (see below).
 
 **key**: Symmetric key which is later used to encrypt the documents with 
AES256-GCM.
 
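Review bot: The sentence touched here ("we have to use different nonces to get different keys and IVs") still states the requirement only informally, without saying who guarantees that two derivations never share a nonce. Since the **key** entry just below names AES256-GCM, the text could say outright that a (key, IV) pair must never be used for two encryptions and that this is the reason every derivation takes its own nonce. The parenthetical in the **nonce** entry ("which it cannot as the length is different") describes a property rather than a rule and would read better worded as one.
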
@@ -273,6 +273,31 @@ at the various providers.
 **nonce_i**: Nonce which is used to generate *key_i* and *iv_i* which are used 
for the encryption of the **key share**. **i** must be
 the same number as specified above for *encrypted_key_share_i*. Nonce must 
contain the string "EKS" plus the according *i*.
 
+As a special rule, when a **security question** is used to authorize access to 
an
+**encrypted_key_share_i**, then the salt "eks" is replaced with an (expensive) 
hash
+of the answer to the security question as an additional way to make the key 
share
+inaccessible to those who do not have the answer:
+
+.. code-block:: none
+
+   powh = POW_HASH (qsalt, answer)
+   ekss = HKDF("Anastasis-secure-question-uuid-salting",
+               powh,
+               uuid);
+   (iv_i, key_i) = HKDF(key_id, nonce_i, ekss, [optional data], keysize + 
ivsize)
+
+
+**qsalt**: salt value used to hash answer to satisfy the challenge to prevent 
the provider from determining the answer via guessing.
+
+**answer**: answer to the security question, in UTF-8, as entered by the user.
+
+**powh**: result of the (expensive, proof-of-work) hash algorithm.
+
+**uuid**: UUID of the challenge associated with the security question and the 
encrypted key share.
+
+**ekss**: Replacement salt to be used instead of "eks" when deriving the key 
to encrypt/decrypt the key share.
+
+
 Signatures
 ----------
 
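Review bot: `POW_HASH` in the first line of the code block is introduced without naming the algorithm or its cost parameters, and **qsalt** has no stated length or origin, so an independent implementation cannot reproduce `powh`; name the function and parameters here or link to where they are defined. In the last line of the block, `HKDF(key_id, nonce_i, ekss, ...)` uses `key_id`, while the section context above speaks of an HKDF "over a nonce and the kdf_id"; use one name if they are the same value, otherwise define `key_id`. The prose calls the replaced salt "eks" while the **nonce_i** entry requires the string "EKS"; state which spelling is normative, because the two are different byte strings as KDF input. The first HKDF call takes three arguments and no output length, the second takes five, and neither labels which argument is salt, input key material or info; only the first ends in a semicolon. The **answer** entry says "as entered by the user", which means any difference in case, whitespace or Unicode form at recovery time yields a different `ekss`; say whether normalization is applied before hashing. The **qsalt** sentence chains two "to" clauses and is hard to parse; split it into what the salt is used for and what it protects against.
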

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


