From 6f27b649f3549b5b118796296934565c7402386e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Fri, 7 Jun 2024 11:57:11 +0200 Subject: [PATCH 1/2] Fix #616: Add a note on built-in keys to the list of used keys --- .gitignore | 1 + docs/.gitignore | 1 + docs/List-of-used-keys.md | 13 +++++++++++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 29c47e3cc..31dd84ab6 100644 --- a/.gitignore +++ b/.gitignore @@ -18,4 +18,5 @@ ## Directory-based project format: .idea/ .mvn +.vscode/ dist/ diff --git a/docs/.gitignore b/docs/.gitignore index 29c47e3cc..31dd84ab6 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -18,4 +18,5 @@ ## Directory-based project format: .idea/ .mvn +.vscode/ dist/ diff --git a/docs/List-of-used-keys.md b/docs/List-of-used-keys.md index 21d63e49c..519f657a9 100644 --- a/docs/List-of-used-keys.md +++ b/docs/List-of-used-keys.md @@ -2,14 +2,23 @@ The following keys are used in the PowerAuth cryptography scheme. +## Application Scoped Keys + +| name | created as | purpose | +| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Embedded on server, used to assure authenticity of data during the transfer from server to client during application scoped use-cases (i.e., device activation). | +| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Embedded in client app, used to verify authenticity of data while transferring from server to client during application scoped use-cases (i.e., device activation). | +| `APP_KEY` | Application version key | Shared random ID between the server and client app, used to identify specific application version. The value travels in plain form over HTTPS channel. | +| `APP_SECRET` | Application version secret | Shared random secret key between the server and client app, used to authenticate specific application version. Used in digest and MAC values. | + + +## Activation Scoped Keys + | name | created as | purpose | |-----------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `KEY_DEVICE_PRIVATE` | ECDH - private key | Generated on client to allow construction of `KEY_MASTER_SECRET`. | | `KEY_DEVICE_PUBLIC` | ECDH - public key | Generated on client to allow construction of `KEY_MASTER_SECRET`. | | `KEY_SERVER_PRIVATE` | ECDH - private key | Generated on server to allow construction of `KEY_MASTER_SECRET`. | | `KEY_SERVER_PUBLIC` | ECDH - public key | Generated on server to allow construction of `KEY_MASTER_SECRET`. | -| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Stored on server, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client | -| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Stored on client, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client | | `KEY_MASTER_SECRET` | ECDH - pre-shared | A key deduced using ECDH derivation, `KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC)` and then reduced with `ByteUtils.convert32Bto16B()`. | | `KEY_SIGNATURE_POSSESSION` | KDF derived key from `KEY_MASTER_SECRET` | A signing key associated with the possession, factor deduced using KDF derivation with `INDEX = 1`, `KEY_SIGNATURE_POSSESSION = KDF.derive(KEY_MASTER_SECRET, 1)`, used for subsequent request signing. | | `KEY_SIGNATURE_KNOWLEDGE` | KDF derived key from `KEY_MASTER_SECRET` | A key associated with the knowledge factor, deduced using KDF derivation with `INDEX = 2`, `KEY_SIGNATURE_KNOWLEDGE = KDF.derive(KEY_MASTER_SECRET, 2)`, used for subsequent request signing. | From 75c02580a72b257f42ccc596d723f3bdc0bf1912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Fri, 7 Jun 2024 12:24:53 +0200 Subject: [PATCH 2/2] Fix table formatting --- docs/List-of-used-keys.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/List-of-used-keys.md b/docs/List-of-used-keys.md index 519f657a9..11b322b2f 100644 --- a/docs/List-of-used-keys.md +++ b/docs/List-of-used-keys.md @@ -5,6 +5,7 @@ The following keys are used in the PowerAuth cryptography scheme. ## Application Scoped Keys | name | created as | purpose | +|-----------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Embedded on server, used to assure authenticity of data during the transfer from server to client during application scoped use-cases (i.e., device activation). | | `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Embedded in client app, used to verify authenticity of data while transferring from server to client during application scoped use-cases (i.e., device activation). | | `APP_KEY` | Application version key | Shared random ID between the server and client app, used to identify specific application version. The value travels in plain form over HTTPS channel. |