-rw-r--r-- | docs/design/soledad.md | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/docs/design/soledad.md b/docs/design/soledad.md index a0eeed4..a12ab4c 100644 --- a/docs/design/soledad.md +++ b/docs/design/soledad.md @@ -92,22 +92,25 @@ For example, create a document, modify it and sync: Storage secret ----------------------------------- -The `storage_secret` is a long, randomly generated key used to derive encryption keys for both the documents stored on the server and the local replica of these documents. The `storage_secret` is block encrypted using a key derived from the user's password and saved locally on disk in a file called `<user_uid>.secret`, which contains a JSON structure that looks like this: +The `storage_secret` is a long randomly generated key used to derive the encryption keys for the data stored both in the server and in the local replica. The `storage_secret` is block encrypted using a key derived from the user's password and saved locally on disk in a file called `<user_uid>.secret`, which contains a JSON structure that looks like this: { - "storage_secrets": { - "<secret_id>": { - "kdf": "scrypt", - "kdf_salt": "<b64 repr of salt>", - "kdf_length": <key_length>, - "cipher": "aes256", - "length": <secret_length>, - "secret": "<encrypted storage_secret>", + 'active_secret': '<secret_id>', + 'storage_secrets': { + '<secret_id>': { + 'kdf': 'scrypt', + 'kdf_salt': '<b64 repr of salt>', + 'kdf_length': <key_length>, + 'cipher': 'aes256', + 'length': <secret_length>, + 'secret': '<encrypted storage_secret>', } } 'kdf': 'scrypt', 'kdf_salt': '<b64 repr of salt>', - 'kdf_length: <key length> + 'kdf_length: <key length>, + '_mac_method': 'hmac', + '_mac': '<mac>', } The `storage_secrets` entry is a map that stores information about available storage keys. Currently, Soledad uses only one storage key per provider, but this may change in the future. |
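Review bot: the rewritten structure in this hunk is introduced as "a JSON structure" but the added lines switch every key and string from double quotes to single quotes (`'active_secret': '<secret_id>'`, `'storage_secrets': {`, `'cipher': 'aes256'`), which is not valid JSON; the removed lines had this right, so the new block should keep double quotes. The line `'kdf_length: <key length>,` still lacks the closing quote on the key and spells the placeholder differently from `<key_length>` a few lines above; it should read `"kdf_length": <key_length>,`. Finally, the two new fields `'_mac_method': 'hmac'` and `'_mac': '<mac>'` are added without a word in the surrounding prose saying what the MAC covers or which key it is computed with; since a reader uses this section to reason about what the file protects, one sentence stating the MAC's scope and key derivation (the outer `kdf`/`kdf_salt`/`kdf_length` entries appear to exist for that purpose) belongs next to the paragraph that explains `storage_secrets`.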