Am 14.01.2013 06:05, schrieb Dev Random:
Hi all,
I plan to use the Type 8 TLV / extra symmetric key in the Gibberbot
project, but I am puzzled by the description in the OTRv3 spec.
TLVs are already encrypted inside the message envelope. What is then
the function of the additional key h2(0xFF)? Since the message is
already encrypted with a related key - h1(), there seems to be no added
security from another layer of encryption.
Could the Type 8 TLV data be used as is (without using h2(0xFF) to encrypt)?
I also note that the libotr4 implementation of otrl_message_symkey
doesn't do any encryption on sending, and only provides h2(0xFF) as a
callback, but doesn't do decryption.
[sent this off-list earlier, sorry]
The TLV8 is used to indicate to your partner's client that you intend to
use the key, not to exchange key material (both sides know the key
already). The contents are entirely application-defined.
-Kjell
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
