[GNUnet-SVN] [taler-docs] branch master updated: clarifications


From: gnunet
Subject: [GNUnet-SVN] [taler-docs] branch master updated: clarifications
Date: Thu, 10 Oct 2019 10:07:26 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new 41ca368  clarifications
41ca368 is described below

commit 41ca3680042d948095a397724911acc93991eafb
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Oct 10 10:07:24 2019 +0200

    clarifications
---
 anastasis.rst | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

diff --git a/anastasis.rst b/anastasis.rst
index 21c3698..1262bab 100644
--- a/anastasis.rst
+++ b/anastasis.rst
@@ -496,6 +496,9 @@ public key using the Crockford base32-encoding.
 .. http:post:: /policy/$ACCOUNT_PUB
 
   Upload a new version of the customer's encrypted recovery document.
+  While the document's structure is described in JSON below, the upload
+  should just be the bytestream of the raw data (i.e. 32 bytes nonce followed
+  by 16 bytes tag followed by the encrypted document). 
   If request has been seen before, the server should do nothing, and otherwise 
store the new version.
   The body must begin with a nonce, an AES-GCM tag and continue with the 
ciphertext.  The format
   is the same as specified for the response of the GET method. The
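
Review bot: the added sentence says the upload "should just be the bytestream" while the unchanged sentence two lines further down says "The body must begin with a nonce, an AES-GCM tag"; the same layout is now stated twice with different normative strength, and only the new sentence gives the sizes. Merge them into one sentence that uses "must" and carries the 32-byte nonce and 16-byte tag, and say how the server answers a body shorter than those 48 bytes or a JSON upload. The last added line also ends in trailing whitespace.
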
@@ -679,24 +682,10 @@ charge per truth operation using GNU Taler.
   .. code-block:: tsref
 
     interface Truth {
-      // Nonce used to generate the (iv,key) from kdf_id to AES-GCM encrypt 
the truth.
-      nonce: byte[32];
-
-      // Authentication tag over the encrypted_key_share
-      key_share_aes_gcm_tag: byte[32];
-
-      // The encrypted key material to reveal, in base32 encoding.
-      // Contains a KeyShare_.
-      //
-      // The nonce of the HKDF for the encryption of this
-      // value must include the string "EKS" plus a positive 
-      // number which represents the key 
-      // share method. Depending on the method, 
-      // the HKDF may additionally include
-      // bits from the response (i.e. some hash over the
-      // answer to the security question)
-      encrypted_key_share: byte[];
-
+      // Contains the information of an `interface EncryptedKeyShare`_, but 
simply
+      // as one binary block (in Crockford Base32 encoding for JSON).
+      key_share_data: byte[];
+    
       // Key share method, i.e. "security question", "SMS", "e-mail", ...
       method: String;
 
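
Review bot: replacing "nonce", "key_share_aes_gcm_tag" and "encrypted_key_share" with "key_share_data" also deletes the only description visible in this file section of how the key share encryption is keyed (HKDF nonce including the string "EKS" plus the method number, optionally bits from the response). Please confirm the referenced EncryptedKeyShare definition carries that text, and that its tag length agrees with the 16 bytes now stated for /policy, since the removed field was declared byte[32]. The reference is spelled `interface EncryptedKeyShare`_ here but EncryptedKeyShare_ in the /truth status line; use one target name. The added line after "key_share_data" consists of trailing spaces only.
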
@@ -714,7 +703,6 @@ charge per truth operation using GNU Taler.
 
     }
 
-
 .. http:get:: /truth/$UUID[?response=$RESPONSE]
 
   Get the stored encrypted key share. If $RESPONSE is specified by the client, 
the server checks
@@ -722,6 +710,7 @@ charge per truth operation using GNU Taler.
   If $RESPONSE is not specified, the server will response with a challenge 
according to the key share 
   method (e.g. ask the security question or send a SMS with a code) and await 
the answer within $RESPONSE. 
   When $RESPONSE is correct, the server responses with the encrypted key share.
+  The encrypted key share is returned simply as a byte array and not in JSON 
format.
 
   :status 200 OK:
     EncryptedKeyShare_ is returned in body (in binary).
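
Review bot: the added sentence repeats what the ":status 200 OK:" line directly below it already states ("returned in body (in binary)") and introduces a third term, "byte array", next to "bytestream" in /policy and "binary" here. Instead of a second statement, extend the status line with the concrete layout and the Content-Type a client should expect, so the body cannot be mistaken for the Crockford Base32 form used inside JSON.
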

-- 
To stop receiving notification emails like this one, please contact
address@hidden.