From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] 03/05: Added Truth. Status Codes are missing yet.
Date: Thu, 29 Aug 2019 23:07:14 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

commit 78284cb20e16a55e1ef89649b3df6117f52f10ec
Author: Dennis Neufeld <address@hidden>
AuthorDate: Wed Aug 28 16:41:19 2019 +0200

    Added Truth. Status Codes are missing yet.
---
 src/api/api-anastasis.rst | 56 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 41 insertions(+), 15 deletions(-)

diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index df55419..e43682f 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -20,7 +20,7 @@
 ==============================
 The Anastasis RESTful JSON API
 ==============================
-Anastasis is a service that allows the user to securely deposit a master 
password with an escrow provider 
+**Anastasis** is a service that allows the user to securely deposit a master 
password with an escrow provider 
 and recover it if it is lost. An "unforgettable" secret is used, e.g. the AHV 
number for Swiss citizens. 
 Necessary keys are derived from this "secret" using different HKDFs (see 
below).
 
@@ -35,6 +35,7 @@ To make a possible attack more difficult, we use different 
expensive hash functi
 
 The symmetric keys used for encryption must be generated as follows: First, an 
ECDHE public key is derived 
 from the corresponding private key. Using ECDH, the private key and the 
derived public key form the symmetric key to be used. 
+For symmetric encryption we use AES-GCM.
 
 For security reasons, we assume that the service is only accessed over TLS.
 
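Review bot: The added sentence "For symmetric encryption we use AES-GCM." names the mode but not the key length, the nonce size or how the nonce is chosen, and GCM loses both confidentiality and authenticity if a nonce repeats under one key. Please specify those parameters here or point to where they are defined. The context sentence just above it also reads as ECDH between a private key and the public key derived from that same key; say explicitly whose public key is the peer key and which KDF turns the ECDH output into the AES key.
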
@@ -109,12 +110,13 @@ EdDSA public key.
   .. code-block:: tsref
 
     interface RecoveryDocument {
+      policy_doc: PolicyDocument;
+      
       // ECDHE public key used to encrypt the gzip compressed JSON-encoded 
`KeyShare`_.
       ephemeral_pub: EddsaPublicKey;
 
       // Authentication tag
       aes_gcm_tag: byte[32];
-      policy_doc: PolicyDocument;
 
       // Variable-size encrypted key-share. After decryption,
       // this contains a gzip compressed JSON-encoded `KeyShare`_.
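
Review bot: "policy_doc: PolicyDocument;" is moved to the top of RecoveryDocument but is still the only field in the visible lines without a doc comment; document what it holds and whether it is covered by the authentication tag or stored unauthenticated. The blank line added after it carries trailing whitespace. Two context lines deserve a follow-up now that this commit settles on AES-GCM: "aes_gcm_tag: byte[32]" is longer than the 16-byte maximum of a GCM tag, and "ephemeral_pub" is described as an ECDHE public key but typed EddsaPublicKey.
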
@@ -143,22 +145,11 @@ EdDSA public key.
   .. code-block:: tsref
        
     interface KeyShare {
-      // Key share method, i.e. "security question", "SMS", "e-mail", ...
-      method: String;
-
       // the explicit key to reveal, if method is one of SMS, e-mail, ...
-      key? : byte[];
-
-      // ground truth, i.e. challenge question,
-      // phone number, e-mail address, picture, fingerprint, ...
-      truth? : byte[];
+      key-share : byte[];
 
-      // mime type of truth, i.e. text/ascii, image/jpeg, etc.
-      truth_mime: string;
+      salt: byte[32];
 
-      // signature over method, uuid, and hash of truth / truth-mime and/or 
key.
-      account_sig: EdDSA-Signature;
-      
     }
 
   .. _EscrowMethod:
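
Review bot: The new field "key-share : byte[];" uses a hyphen, which is not a valid unquoted property name in a TypeScript-style interface and breaks with the snake_case of the other fields (truth_mime, account_sig, policy_doc); suggest "key_share". The comment kept above it still says "if method is one of SMS, e-mail, ...", but "method" is removed from KeyShare in this same hunk, so the comment needs rewording. "salt: byte[32];" has no comment at all: state what the salt is an input to and who generates it.
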
@@ -210,3 +201,38 @@ EdDSA public key.
 Upload the truth 
 ----------------
 
+This API is used by the Anastasis client to deposit or request the truth with 
the escrow provider.
+The client is identified and authorized by $ACCOUNT_PUB, which should be kept 
secret from third parties. $ACCOUNT_PUB should be an
+EdDSA public key. 
+
+.. http:post:: /truth/$ACCOUNT_PUB[?uuid=$UUID]
+
+  X-Anastasis-UUID: $UUID --- return actual uuid in header;
+  (if not specified in request, return latest entry).
+    
+  **Details:**
+
+  .. _Truth:
+  .. code-block:: tsref
+
+    interface Truth {
+      // Key share method, i.e. "security question", "SMS", "e-mail", ...
+      method: String;
+
+      // the explicit key to reveal, if method is one of SMS, e-mail, ...
+      // If not defined, the provider provides a key himself, unless the 
method is a secure question.
+      key? : byte[];
+
+      // ground truth, i.e. challenge question,
+      // phone number, e-mail address, picture, fingerprint, ...
+      truth? : byte[];
+
+      // mime type of truth, i.e. text/ascii, image/jpeg, etc.
+      truth_mime: string;
+
+      // signature over method, uuid, and hash of truth / truth-mime and/or 
key.
+      account_sig: EdDSA-Signature;
+      
+    }
+
+
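
Review bot: $ACCOUNT_PUB is described as something that "should be kept secret from third parties", yet it is placed in the request path of "/truth/$ACCOUNT_PUB", and request paths commonly end up in access logs; either carry the authorization in a header or rely on a verified signature, or document why exposure in the URL is acceptable. The text says the API is used to "deposit or request the truth" but only an http:post is defined, and the X-Anastasis-UUID line does not say whether it is a request or a response header. In the Truth interface, the account_sig comment ("signature over method, uuid, and hash of truth / truth-mime and/or key") is too loose to implement interoperably: specify the exact fields, their order and encoding, and the hash function. Minor: "method: String" versus "truth_mime: string", "secure question" versus "security question" earlier in the same block, and the status codes the commit message already notes as missing.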

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


