diff options
author | Florian Dold <florian@dold.me> | 2021-10-21 08:25:19 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-21 08:25:19 +0200 |
commit | d38138b69c2f46c0a1fdf6d5971cc2ae0a9447dd (patch) | |
tree | f97e4301346dc0ab2f2ecfce4e92ab78d1109cb5 | |
parent | aab474bed915172f40c161818e65091158d3e410 (diff) | |
download | anastasis-d38138b69c2f46c0a1fdf6d5971cc2ae0a9447dd.tar.gz anastasis-d38138b69c2f46c0a1fdf6d5971cc2ae0a9447dd.tar.bz2 anastasis-d38138b69c2f46c0a1fdf6d5971cc2ae0a9447dd.zip |
get rid of policy download signature, explain upload signature better
-rw-r--r-- | doc/sphinx/cryptography.rst | 19 | ||||
-rw-r--r-- | doc/sphinx/rest.rst | 1 |
2 files changed, 3 insertions, 17 deletions
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst index 6c25fc0..a38f6e7 100644 --- a/doc/sphinx/cryptography.rst +++ b/doc/sphinx/cryptography.rst @@ -233,7 +233,9 @@ Signatures ---------- The EdDSA keys are used to sign the data sent from the client to the -server. Everything the client sends to server is signed. The following +server. This signature ensures that an adversary that observes the upload is not +able to upload a new version of the policy without knowing the user's identity attributes. +The signature is made over a hash of the request body. The following algorithm is equivalent for **Anastasis-Policy-Signature**. .. code-block:: none @@ -248,21 +250,6 @@ algorithm is equivalent for **Anastasis-Policy-Signature**. **ver_res**: A boolean value. True: Signature verification passed, False: Signature verification failed. -When requesting policy downloads, the client must also provide a signature: - -.. code-block:: none - - (anastasis-account-signature) := eddsa_sign(version, eddsa_priv) - ver_res := eddsa_verifiy(version, anastasis-account-signature, eddsa_pub) - -**anastasis-account-signature**: Signature over the SHA-512 hash of the body using the purpose code ``TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD`` (1401) (see GNUnet EdDSA signature API for the use of purpose). - -**version**: The version requested as a 64-bit integer, 2^64-1 for the "latest version". - -**ver_res**: A boolean value. True: Signature verification passed, False: Signature verification failed. - - - Availability Considerations ^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst index 03ee138..767ae99 100644 --- a/doc/sphinx/rest.rst +++ b/doc/sphinx/rest.rst @@ -187,7 +187,6 @@ In the following, UUID is always defined and used according to `RFC 4122`_. *If-None-Match*: If this is not the very first request of the client, this contains the Etag-value which the client has received before from the server. The client SHOULD send this header with every request (except for the first request) to avoid unnecessary downloads. - *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to download the requested encrypted recovery document. The purpose used MUST be ``TALER_SIGNATURE_ANASTASIS_POLICY_DOWNLOAD`` (1401). .. http:post:: /policy/$ACCOUNT_PUB |