>
> This seems pretty vague though. Can anyone explain (or point me to
> some documentation) how exactly are the kA and kB keys used to
> encrypt/decrypt the synchronized data records?
>

Very loosely, you can read
https://docs.services.mozilla.com/sync/storageformat5.html#cryptography
and substitute "kB" for "sync key". The rest of the stack below — bulk/collection
keys in crypto/keys and all that jazz — stays the same.

> What is the encryption key mentioned above? Is it kA, or kB, or the
> "key" field in the JSON retrieved from the Token Server, or none of
> these at all? I assume it can't be the key from the Token Server
> though, since this is not constant.
>

It's kB.

> Also, what is the hash function that Firefox uses to encode the key? I
> assume it must be a 128 bit hash function (MD5 maybe?) since the hex
> encoded hash must fit in 32 characters.
>

https://dxr.mozilla.org/mozilla-central/source/mobile/android/services/src/main/java/org/mozilla/gecko/fxa/login/Married.java#37

   * The token server accepts an X-Client-State header, which is the
   * lowercase-hex-encoded first 16 bytes of the SHA-256 hash of the
   * bytes of kB.
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
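
The X-Client-State derivation quoted in the message above, as an added example that is not part of the original message or of Mozilla's code. It shows that the 32-character value comes from truncating SHA-256 rather than from a 128-bit hash such as MD5. Assumptions: kB is a 32-byte key, and the function names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import re

KB_LEN = 32  # assumption: kB is a 32-byte key
CLIENT_STATE_RE = re.compile(r"[0-9a-f]{32}")  # 16 bytes, lowercase hex


def client_state(kb: bytes) -> str:
    """Lowercase-hex-encoded first 16 bytes of SHA-256 over the bytes of kB."""
    if len(kb) != KB_LEN:
        raise ValueError(f"kB must be {KB_LEN} bytes, got {len(kb)}")
    return hashlib.sha256(kb).digest()[:16].hex()


def is_wellformed(value: str) -> bool:
    """True only for exactly 32 lowercase hex characters."""
    return CLIENT_STATE_RE.fullmatch(value) is not None


def matches(kb: bytes, header_value: str) -> bool:
    """Check a received header value against the one derived from kB.

    Malformed values (wrong length, uppercase, non-hex) are rejected before
    the comparison, which is done in constant time.
    """
    if not is_wellformed(header_value):
        return False
    return hmac.compare_digest(client_state(kb), header_value)


# Constructed sample key, not a real kB.
SAMPLE_KB = bytes(range(32))

if __name__ == "__main__":
    state = client_state(SAMPLE_KB)
    print("X-Client-State:", state)
    # MD5 also yields 32 hex characters, but it is a different value:
    # the length alone does not identify the hash function.
    print("MD5 of same key:", hashlib.md5(SAMPLE_KB).hexdigest())
    print("matches:", matches(SAMPLE_KB, state))
```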

