author: drebs <drebs@leap.se> 2015-05-13 16:10:59 -0300
committer: drebs <drebs@leap.se> 2015-05-13 16:10:59 -0300
commit: 0aaed6bd89e25fa52d147cddc265175a15dfcad2 (patch)
tree: 64339700250dc83e998169c760af1e4d8186f0a3
parent: bc86ff23dfa9ad036c77087e925b2542a386e94b (diff)
update soledad storage secret doc (HEAD, master)
-rw-r--r--  docs/design/soledad.md  23
1 files changed, 13 insertions, 10 deletions
diff --git a/docs/design/soledad.md b/docs/design/soledad.md
index a0eeed4..a12ab4c 100644
--- a/docs/design/soledad.md
+++ b/docs/design/soledad.md
@@ -92,22 +92,25 @@ For example, create a document, modify it and sync:
Storage secret
-----------------------------------
-The `storage_secret` is a long, randomly generated key used to derive encryption keys for both the documents stored on the server and the local replica of these documents. The `storage_secret` is block encrypted using a key derived from the user's password and saved locally on disk in a file called `<user_uid>.secret`, which contains a JSON structure that looks like this:
+The `storage_secret` is a long randomly generated key used to derive the encryption keys for the data stored both in the server and in the local replica. The `storage_secret` is block encrypted using a key derived from the user's password and saved locally on disk in a file called `<user_uid>.secret`, which contains a JSON structure that looks like this:
{
- "storage_secrets": {
- "<secret_id>": {
- "kdf": "scrypt",
- "kdf_salt": "<b64 repr of salt>",
- "kdf_length": <key_length>,
- "cipher": "aes256",
- "length": <secret_length>,
- "secret": "<encrypted storage_secret>",
+ 'active_secret': '<secret_id>',
+ 'storage_secrets': {
+ '<secret_id>': {
+ 'kdf': 'scrypt',
+ 'kdf_salt': '<b64 repr of salt>',
+ 'kdf_length': <key_length>,
+ 'cipher': 'aes256',
+ 'length': <secret_length>,
+ 'secret': '<encrypted storage_secret>',
}
}
'kdf': 'scrypt',
'kdf_salt': '<b64 repr of salt>',
- 'kdf_length: <key length>
+ 'kdf_length: <key length>,
+ '_mac_method': 'hmac',
+ '_mac': '<mac>',
}
The `storage_secrets` entry is a map that stores information about available storage keys. Currently, Soledad uses only one storage key per provider, but this may change in the future.
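Review bot: the rewritten example (the `+` lines from `'active_secret'` through `'_mac'`) replaces the double quotes of the removed lines with single quotes, so the block no longer parses as JSON even though the sentence above it says the file "contains a JSON structure"; restore double quotes throughout, e.g. `"active_secret": "<secret_id>",`. In the same hunk, `'kdf_length: <key length>,` still lacks the closing quote on the key name (the typo from the removed line is carried over), and the outer `'kdf': 'scrypt',` directly follows the closing brace of the `storage_secrets` map with no separating comma, so the example is malformed even if the quotes are fixed. Finally, `active_secret`, the outer `kdf`/`kdf_salt`/`kdf_length` entries and the new `_mac_method`/`_mac` fields are introduced without any prose: the paragraph after the example still describes only `storage_secrets`. Add a sentence stating that `active_secret` names the entry in `storage_secrets` currently in use, which fields the `_mac` is computed over, which key it is computed with (and whether that key is the same password-derived key used to encrypt the secret or a separate one), and how a MAC mismatch is handled on load, since a reader of this design doc cannot otherwise tell what the MAC protects against.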