m (→Overview: link J-PAKE to an explanation of it) |
Line 51: | Line 51: | ||
<pre> | <pre> | ||
Mobile Server | Mobile Server Desktop | ||
================================================================== | =================================================================== | ||
| | | | ||
retrieve channel <---------------| | retrieve channel <---------------| | ||
generate random secret | | generate random secret | | ||
show PIN = secret + channel | | show PIN = secret + channel | ask user for PIN | ||
upload Mobile's message 1 ------>| | upload Mobile's message 1 ------>| | ||
|---> retrieve Mobile's message 1 | |----> retrieve Mobile's message 1 | ||
|<---- upload Desktop's message 1 | |<----- upload Desktop's message 1 | ||
retrieve Desktop's message 1 <---| | retrieve Desktop's message 1 <---| | ||
upload Mobile's message 2 ------>| | upload Mobile's message 2 ------>| | ||
|---> retrieve Mobile's message 2 | |----> retrieve Mobile's message 2 | ||
| | | compute key | ||
|<---- upload Desktop's message 2 | |<----- upload Desktop's message 2 | ||
retrieve Desktop's message 2 <---| | retrieve Desktop's message 2 <---| | ||
compute key | | compute key | encrypt known value | ||
encrypt known value ------------>| | |||
| | |-------> retrieve encrypted value | ||
| | |verify against local value & HMAC | ||
| | | encrypt credentials | ||
|<------------ upload credentials | |<------------- upload credentials | ||
retrieve credentials <-----------| | retrieve credentials <-----------| | ||
verify HMAC | | verify HMAC | |
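Review bot: In the right-hand (new) column of this hunk, the row "encrypt known value ------------>|" has no counterpart, so nothing uploads the encrypted value that the next row fetches with "|-------> retrieve encrypted value". As rendered, "encrypt known value" now sits on the "compute key" row with no arrow to the server, so the diagram no longer shows which side sends the value that is checked in "verify against local value & HMAC". Suggest keeping an explicit upload row for the encrypted value in the new diagram. The edit summary is also flagged minor and mentions only a J-PAKE link in the Overview, while this hunk changes the protocol diagram at line 51, so the diagram change deserves its own summary.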