[GNUnet-SVN] [taler-anastasis] branch master updated: Corrected some ter
From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] branch master updated: Corrected some terminology. Inserted possibility to obtain salt of the provider
Date: Thu, 22 Aug 2019 18:10:14 +0200
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new c7107be Corrected some terminology. Inserted possibility to obtain
salt of the provider
c7107be is described below
commit c7107be8a8458959c0a9fbc5aabdb9b797ef0f15
Author: Dennis Neufeld <address@hidden>
AuthorDate: Thu Aug 22 18:10:00 2019 +0200
Corrected some terminology. Inserted possibility to obtain salt of the
provider
---
glossary.html.j2 | 17 +++++++-------
src/api/api-anastasis.rst | 60 +++++++++++++++++++++++++++++++----------------
2 files changed, 49 insertions(+), 28 deletions(-)
diff --git a/glossary.html.j2 b/glossary.html.j2
index d87c351..be05c28 100644
--- a/glossary.html.j2
+++ b/glossary.html.j2
@@ -6,14 +6,15 @@
<dt>{{ _("backup provider") }}</dt>
<dd>
{% trans %}
- provider which holds the backup (e.g. encrypted masterkey of a GNU Taler
Wallet)
- and the corresponding policies to restore the masterkey
+ provider which holds the backup of the service/program (e.g. GNU Taler
Wallet), for which
+ we want to have the possibility to recover the masterkey.
{% endtrans %}
</dd>
-<dt>{{ _("key provider") }}</dt>
+<dt>{{ _("escrow provider") }}</dt>
<dd>
{% trans %}
- provider which stores the keyshare belonging to a policy
+ provider which stores the backup of the masterkey and the corresponding
policies for key
+ recovery and/or one or more keyshare(s).
{% endtrans %}
</dd>
<dt>{{ _("truth") }}</dt>
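Review bot: In the new "escrow provider" definition the last added line still writes "keyshare(s)", while this same commit renames the glossary term to "key share"; use "key share(s)" there so the glossary stays consistent. The reworded "backup provider" entry now only covers the backup of the service/program, and the masterkey backup and policies move to the escrow provider, so it would help to add a sentence saying whether a single provider may act in both roles.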
@@ -27,19 +28,19 @@
<dt>{{ _("(Escrow)Method") }}</dt>
<dd>
{% trans %}
- method which is used to authorize the client to get the keyshare from
the key provider
+ method which is used to authorize the client to get the key share from
the escrow provider
{% endtrans %}
</dd>
<dt>{{ _("(Decryption)Policy") }}</dt>
<dd>
{% trans %}
- specification of how to decrypt the encrypted backup
+ specification of how to decrypt the encrypted masterkey backup
{% endtrans %}
</dd>
-<dt>{{ _("keyshare") }}</dt>
+<dt>{{ _("key share") }}</dt>
<dd>
{% trans %}
- key which is shared with the key provider and belongs to a policy
+ partial key of the key needed to decrypt the masterkey backup of the
corresponding policy.
{% endtrans %}
</dd>
</div>
diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index bc10e7e..48d2e5d 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -26,13 +26,37 @@ for all details not specified in the individual requests.
For security reasons, we assume that the service is only accessed over TLS.
+.. _salt:
+
+-----------
+Obtain salt
+-----------
+
+.. http:get:: /salt
+
+ Obtain the salt used by the escrow provider.
+
+
+ **Response:**
+
+ Returns a `SaltResponse`_.
+
+ .. _SaltResponse:
+ .. _tsref-type-SaltResponse:
+ .. code-block:: tsref
+
+ interface SaltResponse {
+ // salt value, at least 128 bits of entropy
+ salt: string;
+ }
+
.. _policy:
--------------------------------
-Manage policy - Backup provider
--------------------------------
+-------------
+Manage policy
+-------------
-This API is used by Anastasis clients to obtain or upload policies and the
corresponding encrypted masterkey from/to the backup provider.
+This API is used by Anastasis clients to obtain or upload policies and the
corresponding encrypted masterkey from/to the escrow provider.
The client is identified and authorized by $ACCOUNT_PUB, which should be kept
secret from third parties. $ACCOUNT_PUB should be an
EdDSA public key.
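Review bot: The new `/salt` section declares `salt: string` without stating how the value is encoded or how long it is, so a client cannot check the "at least 128 bits of entropy" promise; put the encoding and expected length in the `SaltResponse` comment. `GET /salt` also has no `:status 200 OK:` entry, unlike the policy endpoint below it, and the description does not say what the client uses the salt for or whether the value may change over the provider's lifetime. Both should be documented here, since a client that derives anything from the salt depends on it staying the same.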
@@ -45,7 +69,7 @@ EdDSA public key.
policy and the encrypted master public key.
:status 200 OK:
- The backup provider responds with an `EncryptedPolicyDocument`_ object.
This request should
+ The escrow provider responds with an `EncryptedPolicyDocument`_ object.
This request should
virtually always be successful, if the account exists.
X-Anastasis-Version: $NUMBER --- return actual version number in header;
@@ -73,7 +97,7 @@ EdDSA public key.
.. code-block:: tsref
interface PolicyDocument {
- // List of key providers and selected authentication method
+ // List of escrow providers and selected authentication method
methods: EscrowMethod[];
// List of possible decryption policies
@@ -90,7 +114,7 @@ EdDSA public key.
.. code-block:: tsref
interface EscrowMethod {
- // URL of the key provider
+ // URL of the escrow provider
provider_url : string;
// Name of the escrow method (e.g. security question, SMS etc.)
@@ -117,10 +141,6 @@ EdDSA public key.
// List of escrow methods identified by their uuid
uuid: uuid[];
- // Name of the service/program the masterkey is for (e.g. GNU Taler
Wallet No.1,
- // GNU Taler Wallet No.2, KeePass No.1 etc.)
- name: string;
-
}
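Review bot: Removing the `name` field changes the document schema, which is more than the terminology fix the commit message describes, and the message does not mention it. State in the commit message or in the interface comment where the name of the service/program is recorded now, or that it is dropped on purpose, so that clients which already write `name` know what to expect.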
@@ -133,11 +153,11 @@ EdDSA public key.
Otherwise, store new version.
-.. _keyshare:
+.. _escrow:
-------------------------------------------
-Manage key share for escrow - Key provider
-------------------------------------------
+---------------------------
+Manage key share for escrow
+---------------------------
This API is used by Anastasis clients to share a key share with the
key provider. The client is identified and authorized by $ACCOUNT_PUB,
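Review bot: The paragraph under the renamed heading still reads "share a key share with the key provider" in the unchanged context lines; change it to "escrow provider" to match the rest of this commit. Renaming the label `_keyshare` to `_escrow` also invalidates any existing cross-reference to the old label, so search the docs for remaining uses before merging.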
@@ -145,9 +165,9 @@ which should be kept secret from third parties.
$ACCOUNT_PUB should be an
EdDSA public key.
-.. http:post:: /keyshare/$ACCOUNT_PUB/$UUID
+.. http:post:: /escrow/$ACCOUNT_PUB/$UUID
- Send key share to key provider.
+ Send key share to escrow provider.
**Request:** The request body must be a `KeyShare`_ object.
@@ -189,7 +209,7 @@ EdDSA public key.
}
-.. http:get:: /keyshare/$ACCOUNT_PUB/$UUID
+.. http:get:: /escrow/$ACCOUNT_PUB/$UUID
Request masterkey recovery.
@@ -204,7 +224,7 @@ EdDSA public key.
:status 303 See Other:
The key provider responds with a `EscrowChallenge`_ object.
:status 304 Not Modified:
- Empty body, the key provider will respond out-of-band.
+ Empty body, the key provider will respond out-of-band (i.e. SMS).
:status 402 Payment Required:
Payment Required
:status 404 Not Found:
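Review bot: The added 304 line keeps "key provider", as does the 303 line directly above it, although this commit replaces that term with "escrow provider" elsewhere. "(i.e. SMS)" also reads as if SMS were the only out-of-band channel; "(e.g. SMS)" fits the wording already used for escrow methods in this file ("security question, SMS etc.").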
@@ -232,7 +252,7 @@ EdDSA public key.
.. code-block:: tsref
interface Recovery {
- // Escrow recovery nonce
+ // Escrow recovery key
key: byte[32];
}