Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider deriving more signature keys and local storage key #10

Closed
petrdvorak opened this issue Nov 14, 2015 · 4 comments
Closed

Consider deriving more signature keys and local storage key #10

petrdvorak opened this issue Nov 14, 2015 · 4 comments
Labels
crypto enhancement inprogress

Comments

@petrdvorak
Copy link
Member

Currently, master secret KEY_MASTER_SECRET is used to derive one signing key KEY_SIGNATURE and one transport key KEY_TRANSPORT. It would be nice to have:

  • multiple signing keys (namely 3 - each for a single authentication factor)
    • KEY_SIGNING_F1
    • KEY_SIGNING_F2
    • KEY_SIGNING_F3
  • one "local storage key" to encrypt the original private key so that it can be used for further key derivation or asymmetric ECDSA signature
    • KEY_ENCRYPTED_STORAGE
@petrdvorak
Copy link
Member Author

This will also require description of expected key storage...

@petrdvorak petrdvorak mentioned this issue Nov 16, 2015
Closed
@petrdvorak
Copy link
Member Author

Just to add a note: the KEY_ENCRYPTED_STORAGE cannot of course be stored on the PowerAuth client. It must be used for initial encryption only, later purged and then retrieved from PowerAuth server upon successful authentication. For retrieving the key from the server, a unique transport key should be used, for example derived from CRT and KEY_TRANSPORT.

@petrdvorak petrdvorak mentioned this issue Nov 18, 2015
Closed
petrdvorak pushed a commit that referenced this issue Nov 18, 2015
Added new signature description to handle #10 and #11
36cfe99
petrdvorak pushed a commit that referenced this issue Nov 18, 2015
Added new signature description to handle #10 and #11
bf9a934
@petrdvorak
Copy link
Member Author

Implementation fixed in 4b8610f.

Needed improvements:

  • better description of the key storage
  • description of fetching the vault unlock key from server

@petrdvorak
Copy link
Member Author

Fixed in ea19194

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto enhancement inprogress
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@petrdvorak