[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: get rid of policy download sign
|
From: |
gnunet |
|
Subject: |
[taler-anastasis] branch master updated: get rid of policy download signature, explain upload signature better |
|
Date: |
Thu, 21 Oct 2021 08:25:25 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new d38138b get rid of policy download signature, explain upload
signature better
d38138b is described below
commit d38138b69c2f46c0a1fdf6d5971cc2ae0a9447dd
Author: Florian Dold <florian@dold.me>
AuthorDate: Thu Oct 21 08:25:19 2021 +0200
get rid of policy download signature, explain upload signature better
---
doc/sphinx/cryptography.rst | 19 +++----------------
doc/sphinx/rest.rst | 1 -
2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
index 6c25fc0..a38f6e7 100644
--- a/doc/sphinx/cryptography.rst
+++ b/doc/sphinx/cryptography.rst
@@ -233,7 +233,9 @@ Signatures
----------
The EdDSA keys are used to sign the data sent from the client to the
-server. Everything the client sends to server is signed. The following
+server. This signature ensures that an adversary that observes the upload is
not
+able to upload a new version of the policy without knowing the user's identity
attributes.
+The signature is made over a hash of the request body. The following
algorithm is equivalent for **Anastasis-Policy-Signature**.
.. code-block:: none
@@ -248,21 +250,6 @@ algorithm is equivalent for **Anastasis-Policy-Signature**.
**ver_res**: A boolean value. True: Signature verification passed, False:
Signature verification failed.
-When requesting policy downloads, the client must also provide a signature:
-
-.. code-block:: none
-
- (anastasis-account-signature) := eddsa_sign(version, eddsa_priv)
- ver_res := eddsa_verifiy(version, anastasis-account-signature, eddsa_pub)
-
-**anastasis-account-signature**: Signature over the SHA-512 hash of the body
using the purpose code ``TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD`` (1401)
(see GNUnet EdDSA signature API for the use of purpose).
-
-**version**: The version requested as a 64-bit integer, 2^64-1 for the "latest
version".
-
-**ver_res**: A boolean value. True: Signature verification passed, False:
Signature verification failed.
-
-
-
Availability Considerations
^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst
index 03ee138..767ae99 100644
--- a/doc/sphinx/rest.rst
+++ b/doc/sphinx/rest.rst
@@ -187,7 +187,6 @@ In the following, UUID is always defined and used according
to `RFC 4122`_.
*If-None-Match*: If this is not the very first request of the client, this
contains the Etag-value which the client has received before from the server.
The client SHOULD send this header with every request (except for the first
request) to avoid unnecessary downloads.
- *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA
signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to
download the requested encrypted recovery document. The purpose used MUST be
``TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD`` (1401).
.. http:post:: /policy/$ACCOUNT_PUB
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: get rid of policy download signature, explain upload signature better,
gnunet <=