[GNUnet-SVN] [taler-anastasis] 02/05: Added more general information abo


From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] 02/05: Added more general information about the keys to use.
Date: Thu, 29 Aug 2019 23:07:13 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

commit 08edc0891f5e9a8ce61a38c0aea4cb6994761b60
Author: Dennis Neufeld <address@hidden>
AuthorDate: Wed Aug 28 13:04:35 2019 +0200

    Added more general information about the keys to use.
---
 src/api/api-anastasis.rst | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index 6ad765a..df55419 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -20,9 +20,21 @@
 ==============================
 The Anastasis RESTful JSON API
 ==============================
+Anastasis is a service that allows the user to securely deposit a master 
password with an escrow provider 
+and recover it if it is lost. An "unforgettable" secret is used, e.g. the AHV 
number for Swiss citizens. 
+Necessary keys are derived from this "secret" using different HKDFs (see 
below).
 
-The API specified here follows the :ref:`general conventions <http-common>`
-for all details not specified in the individual requests.
+The service uses an EdDSA escrow key to identify the "account" of the user. 
The escrow key is Crockford 
+Base32-encoded in the URI to access the data and used to sign requests as well 
as to encrypt the contents. 
+These signatures are provided in detached form as HTTP headers.
+
+To make a possible attack more difficult, we use different expensive hash 
functions to generate different private keys: 
+
+* escrow key for the "account", signing and for deriving ECDHE public keys 
used to encrypt the payload: H_1
+* Key for deriving ECDHE public keys used to encrypt the key share: H_2
+
+The symmetric keys used for encryption must be generated as follows: First, an 
ECDHE public key is derived 
+from the corresponding private key. Using ECDH, the private key and the 
derived public key form the symmetric key to be used. 
 
 For security reasons, we assume that the service is only accessed over TLS.
 
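Review bot: The last added paragraph is ambiguous about the ECDH inputs: "an ECDHE public key is derived from the corresponding private key. Using ECDH, the private key and the derived public key form the symmetric key" reads as ECDH between a private key and its own public key. Please state which two parties' keys enter the ECDH and which KDF turns the shared result into the symmetric key. The terminology also needs to be made consistent: the first paragraph says keys are derived with "different HKDFs", the third says "different expensive hash functions", and the list refers to H_1 and H_2 without defining them. An HKDF is not a deliberately expensive function, so name the actual function and its parameters for H_1 and H_2. In the second paragraph, say explicitly that it is the escrow public key that is Crockford Base32-encoded in the URI; as written the same "escrow key" appears in the URI and signs requests. Last, the hunk deletes the sentence with the :ref: to the general conventions (http-common) although the commit message only announces added information; keep that sentence unless the removal is intended.
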
@@ -107,7 +119,7 @@ EdDSA public key.
       // Variable-size encrypted key-share. After decryption,
       // this contains a gzip compressed JSON-encoded `KeyShare`_.
       enc_keyshare: byte[]; 
-      
+
     }
 
   .. _PolicyDocument:
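
Review bot: The context line "enc_keyshare: byte[]; " directly above the changed blank line still ends in a trailing space, so the whitespace cleanup is incomplete; strip it in the same change. Since this hunk is whitespace-only and unrelated to the key documentation named in the commit message, it would also be cleaner as its own commit.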

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


