commit ceec3719d5f22928ff273136e37ab802c4efb90f
parent b2d9f5936b7e867180199771c9e47c6d95ec8b8a
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 16 Aug 2021 11:40:09 +0200
clarify: salt, not nonce
Diffstat:
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/sphinx/cryptography.rst b/doc/sphinx/cryptography.rst
@@ -199,7 +199,7 @@ individual **key share**, we use different salts ("erd" and "eks", respectively)
and the encrypted **core secret**.
**nonce0**: Nonce which is used to generate *key0* and *iv0* which are used for the encryption of the *recovery document*.
-Nonce must contain the string "ERD".
+This key derivation must be done using the salt "erd".
**optional data**: Key material that optionally is contributed from the authentication method to further obfuscate the key share from the escrow provider.
@@ -208,7 +208,8 @@ Here, **i** must be a positive number used to iterate over the various **key sha
at the various providers.
**nonce_i**: Nonce which is used to generate *key_i* and *iv_i* which are used for the encryption of the **key share**. **i** must be
-the same number as specified above for *encrypted_key_share_i*. Nonce must contain the string "EKS" plus the according *i*.
+the same number as specified above for *encrypted_key_share_i*.
+Key derivation must be done using the salt "eks".
As a special rule, when a **security question** is used to authorize access to an
**encrypted_key_share_i**, then the salt "eks" is replaced with an (expensive) hash
