Fix #616: Add a note on built-in keys to the list of used keys (#617)

* Fix #616: Add a note on built-in keys to the list of used keys * Fix table formatting
wultra · Jun 10, 2024 · 9065d60 · 9065d60
1 parent f2796e9
commit 9065d60
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/
diff --git a/docs/.gitignore b/docs/.gitignore
@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/
diff --git a/docs/List-of-used-keys.md b/docs/List-of-used-keys.md
@@ -2,14 +2,24 @@
 
 The following keys are used in the PowerAuth cryptography scheme.
 
+## Application Scoped Keys
+
+| name | created as | purpose |
+|-----------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Embedded on server, used to assure authenticity of data during the transfer from server to client during application scoped use-cases (i.e., device activation). |
+| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Embedded in client app, used to verify authenticity of data while transferring from server to client during application scoped use-cases (i.e., device activation). |
+| `APP_KEY` | Application version key | Shared random ID between the server and client app, used to identify specific application version. The value travels in plain form over HTTPS channel. |
+| `APP_SECRET` | Application version secret | Shared random secret key between the server and client app, used to authenticate specific application version. Used in digest and MAC values. |
+
+
+## Activation Scoped Keys
+
 | name | created as | purpose |
 |-----------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `KEY_DEVICE_PRIVATE` | ECDH - private key | Generated on client to allow construction of `KEY_MASTER_SECRET`. |
 | `KEY_DEVICE_PUBLIC` | ECDH - public key | Generated on client to allow construction of `KEY_MASTER_SECRET`. |
 | `KEY_SERVER_PRIVATE` | ECDH - private key | Generated on server to allow construction of `KEY_MASTER_SECRET`. |
 | `KEY_SERVER_PUBLIC` | ECDH - public key | Generated on server to allow construction of `KEY_MASTER_SECRET`. |
-| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Stored on server, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client |
-| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Stored on client, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client |
 | `KEY_MASTER_SECRET` | ECDH - pre-shared | A key deduced using ECDH derivation, `KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC)` and then reduced with `ByteUtils.convert32Bto16B()`. |
 | `KEY_SIGNATURE_POSSESSION` | KDF derived key from `KEY_MASTER_SECRET` | A signing key associated with the possession, factor deduced using KDF derivation with `INDEX = 1`, `KEY_SIGNATURE_POSSESSION = KDF.derive(KEY_MASTER_SECRET, 1)`, used for subsequent request signing. |
 | `KEY_SIGNATURE_KNOWLEDGE` | KDF derived key from `KEY_MASTER_SECRET` | A key associated with the knowledge factor, deduced using KDF derivation with `INDEX = 2`, `KEY_SIGNATURE_KNOWLEDGE = KDF.derive(KEY_MASTER_SECRET, 2)`, used for subsequent request signing. |