Page MenuHomePhabricator

[keyserver] Generate an AES256 key (ephemeral) to encode
ClosedPublic

Authored by rohan on Sep 13 2023, 9:04 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 26, 3:06 AM
Unknown Object (File)
Fri, Nov 22, 6:31 PM
Unknown Object (File)
Thu, Oct 31, 2:39 PM
Unknown Object (File)
Thu, Oct 31, 2:39 PM
Unknown Object (File)
Thu, Oct 31, 2:39 PM
Unknown Object (File)
Thu, Oct 31, 2:36 PM
Unknown Object (File)
Oct 18 2024, 1:33 AM
Unknown Object (File)
Oct 12 2024, 4:13 PM

Details

Summary

The first key we want to encode into the QR code is the AES-256 ephemeral key. The next diff will be the device id.

Depends on D9180

Addresses ENG-4778

Test Plan

Confirmed that the ephemeral key is encoded in the URL. Essentially repeating the test plan from D9093

Screenshot 2023-09-13 at 12.00.11 PM.png (1×3 px, 1 MB)

Diff Detail

Repository
rCOMM Comm
Branch
terminal_qr
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

rohan requested review of this revision.Sep 13 2023, 9:21 AM

Can we use any random string as an AES-256 key? Or are there some additional requirements?

Can we use any random string as an AES-256 key? Or are there some additional requirements?

On the whitepaper, it says

Every user device (except the primary one) must link itself to the user account. There must already be an primary device registered with Comm that corresponds to the user. The two devices use a QR code to share a 128-bit AES secret key sk, which is used to secure communication between them during the protocol.

Unless I missed something, my understanding was that there was no specific requirements to the key, though feel free to correct me.

(As a side note, I'm noticing its a 128-bit key and not a 256-bit key, so I should probably use crypto.randomBytes(16) instead and update this)

We actually want a 256-bit key. I think @anunay is in the process of updating that

Seems reasonable, but not super familiar with the requirements

Can we use any random string as an AES-256 key? Or are there some additional requirements?

The key must be exactly 256 bits in length and it just needs to be a random sequence of bytes. No other requirements.

This revision is now accepted and ready to land.Sep 20 2023, 9:48 PM