commit 92a26a59760f5289b63a68d7c6bf459be2c02705
parent 9753a6edb80e8e5496a427bbec013fc45b140b65
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 29 Mar 2021 12:27:49 +0200
restructure Anastasis docs a bit
Diffstat:
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/anastasis.rst b/anastasis.rst
@@ -122,9 +122,8 @@ encrypted **core secret**, a set of escrow methods and a set of policies.
----------------
Key derivations
----------------
+^^^^^^^^^^^^^^^
EdDSA and ECDHE public keys are always points on Curve25519 and represented
using the standard 256 bit Ed25519 compact format. The binary representation
@@ -161,7 +160,7 @@ likely also be available to other actors.
Verification
-^^^^^^^^^^^^
+------------
For users to authorize "policy" operations we need an EdDSA key pair. As we
cannot assure that the corresponding private key is truly secret, such policy
@@ -205,7 +204,7 @@ HKDF to ensure that the result differs from other cases where we hash
Encryption
-^^^^^^^^^^
+----------
For symmetric encryption of data we use AES256-GCM. For this we need a
symmetric key and an initialization vector (IV). To ensure that the
@@ -234,16 +233,16 @@ avoid key reuse. So, we have to use different nonces to get different keys and i
**iv**: IV which will be used for AES-GCM.
----------
+
Key Usage
----------
+^^^^^^^^^
The keys we have generated are then used to encrypt the **recovery document** and
the **key_share** of the user.
Encryption
-^^^^^^^^^^
+----------
Before every encryption a 32-byte nonce is generated.
From this the symmetric key is computed as described above.
@@ -275,7 +274,7 @@ at the various providers.
the same number as specified above for *encrypted_key_share_i*. Nonce must contain the string "EKS" plus the according *i*.
Signatures
-^^^^^^^^^^
+----------
The EdDSA keys are used to sign the data sent from the client to the
server. Everything the client sends to server is signed. The following
@@ -307,9 +306,9 @@ When requesting policy downloads, the client must also provide a signature:
**ver_res**: A boolean value. True: Signature verification passed, False: Signature verification failed.
----------------------------
+
Availability Considerations
----------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
Anastasis considers two main threats against availability. First, the
Anastasis server operators must be protected against denial-of-service attacks
@@ -942,7 +941,7 @@ In the following, the individual transitions will be specified in more detail.
Initial state
-"""""""""""""
+-------------
The initial states for backup and recovery processes are looking like following:
@@ -973,7 +972,7 @@ The initial states for backup and recovery processes are looking like following:
Common transitions
-""""""""""""""""""
+------------------
**select_continent:**
@@ -1188,7 +1187,7 @@ unreachable, service on port 8088 was previously known, and service on port
Backup transitions
-""""""""""""""""""
+------------------
**enter_user_attributes:**
@@ -1543,7 +1542,7 @@ Optional arguments to try uploading just specific truths (example):
Recovery transitions
-""""""""""""""""""""
+--------------------
**enter_user_attributes:**
