author | Christian Grothoff <christian@grothoff.org> | 2021-03-29 12:27:49 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-03-29 12:27:49 +0200 |
commit | 92a26a59760f5289b63a68d7c6bf459be2c02705 (patch) | |
tree | 18d4d2a6b1b1a794587d4c1eafdc0cbb445aec15 | |
parent | 9753a6edb80e8e5496a427bbec013fc45b140b65 (diff) | |
restructure Anastasis docs a bit
-rw-r--r-- | anastasis.rst | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/anastasis.rst b/anastasis.rst index 4ab76f99..4f50b277 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -122,9 +122,8 @@ encrypted **core secret**, a set of escrow methods and a set of policies. ---------------- Key derivations ---------------- +^^^^^^^^^^^^^^^ EdDSA and ECDHE public keys are always points on Curve25519 and represented using the standard 256 bit Ed25519 compact format. The binary representation @@ -161,7 +160,7 @@ likely also be available to other actors. Verification -^^^^^^^^^^^^ +------------ For users to authorize "policy" operations we need an EdDSA key pair. As we cannot assure that the corresponding private key is truly secret, such policy @@ -205,7 +204,7 @@ HKDF to ensure that the result differs from other cases where we hash Encryption -^^^^^^^^^^ +---------- For symmetric encryption of data we use AES256-GCM. For this we need a symmetric key and an initialization vector (IV). To ensure that the @@ -234,16 +233,16 @@ avoid key reuse. So, we have to use different nonces to get different keys and i **iv**: IV which will be used for AES-GCM. ---------- + Key Usage ---------- +^^^^^^^^^ The keys we have generated are then used to encrypt the **recovery document** and the **key_share** of the user. Encryption -^^^^^^^^^^ +---------- Before every encryption a 32-byte nonce is generated. From this the symmetric key is computed as described above. @@ -275,7 +274,7 @@ at the various providers. the same number as specified above for *encrypted_key_share_i*. Nonce must contain the string "EKS" plus the according *i*. Signatures -^^^^^^^^^^ +---------- The EdDSA keys are used to sign the data sent from the client to the server. Everything the client sends to server is signed. The following 
@@ -307,9 +306,9 @@ When requesting policy downloads, the client must also provide a signature: **ver_res**: A boolean value. True: Signature verification passed, False: Signature verification failed. ---------------------------- + Availability Considerations ---------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^ Anastasis considers two main threats against availability. First, the Anastasis server operators must be protected against denial-of-service attacks @@ -942,7 +941,7 @@ In the following, the individual transitions will be specified in more detail. Initial state -""""""""""""" +------------- The initial states for backup and recovery processes are looking like following: @@ -973,7 +972,7 @@ The initial states for backup and recovery processes are looking like following: Common transitions -"""""""""""""""""" +------------------ **select_continent:** @@ -1188,7 +1187,7 @@ unreachable, service on port 8088 was previously known, and service on port Backup transitions -"""""""""""""""""" +------------------ **enter_user_attributes:** @@ -1543,7 +1542,7 @@ Optional arguments to try uploading just specific truths (example): Recovery transitions -"""""""""""""""""""" +-------------------- **enter_user_attributes:** |
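Review bot: the first hunk (@@ -122) inverts the relative rank of the `^` and `-` adornments: "Key derivations" loses its overlined `-` title and gets a bare `^^^^^^^^^^^^^^^` underline, while the following hunks turn "Verification", "Encryption" and "Signatures" from `^` underlines into plain `-` underlines. docutils ranks adornment styles by order of first appearance, so every remaining heading in anastasis.rst must now follow the new order (`^` above underline-only `-`) or the build fails with "Title level inconsistent". The hunks shown are mutually consistent and the new underline lengths match their titles, but they cover only a subset of the file's headings; please run the docs build with warnings treated as errors (sphinx-build -W) before merging.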
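Review bot: in the "Key Usage" hunk (@@ -234) the removed overline is replaced by an added empty line (the lone `+`), so the heading is now preceded by two blank lines instead of one. reStructuredText treats consecutive blank lines as one, so nothing breaks, but it is stray whitespace; drop the `+` line so that only the `^^^^^^^^^` underline is added, as the "Verification" and "Encryption" hunks do.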
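Review bot: the "Availability Considerations" hunk (@@ -307) has the same stray empty `+` line in place of the removed overline; remove it so the hunk only swaps the `-` underline for `^^^^^^^^^^^^^^^^^^^^^^^^^^^`.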
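Review bot: the last four hunks (@@ -942 onward) retire the `"` adornment for "Initial state", "Common transitions", "Backup transitions" and "Recovery transitions" and give them `-` underlines, which places them at the same level as "Verification" and "Encryption" under the new scheme. If that is the intent, the commit message ("restructure Anastasis docs a bit") should state the resulting heading hierarchy, and the `"` style should be removed consistently, since any `"""` heading left elsewhere in the file would be assigned a fresh, unintended level.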