Talk:Services/Sync/SimplifiedCrypto: Difference between revisions
Jump to navigation
Jump to search
| Line 12: | Line 12: | ||
== Upgrading existing Sync Keys to the new AES key == | == Upgrading existing Sync Keys to the new AES key == | ||
PBKDF2 iteration count it 4096, key length 128 bit. | |||
Example (Java): | |||
<pre> | <pre> | ||
/** | /** | ||
Revision as of 08:28, 4 December 2010
sync key representation
The sync key is represented to the user as:
X-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Deriving encryption and HMAC keys from the Sync Key
The hmac used is an SHA-256 HMAC.
(A deep link to Utils.makeHMACKey() would be helpful here.)
Upgrading existing Sync Keys to the new AES key
PBKDF2 iteration count it 4096, key length 128 bit.
Example (Java):
/**
* See https://wiki.mozilla.org/Services/Sync/SimplifiedCrypto#Upgrading_existing_Sync_Keys_to_the_new_AES_key
* for details on the algorithm.
* @param aV3Passphrase
* @return the v4 syncKey (serves the same purpose as the passphrase before)
* @throws Exception see {@link #passwordToSymmetricKey(char[], byte[])}
* @throws UnsupportedEncodingException should not happen (ASCII)
*/
public String upgradeV3PassphraseToV4SyncKey(final String aV3Passphrase) throws UnsupportedEncodingException, Exception {
String salt = mSyncID;
KeySpec ks = new PBEKeySpec(aV3Passphrase.toCharArray(), salt.getBytes("ASCII"), 4096, 128);
PBKDF2HmacSHA1Factory f = new PBKDF2HmacSHA1Factory();
SecretKey s = f.engineGenerateSecret(ks);
String base32 = biz.wolschon.android.codec.binary.Base32.encode(s.getEncoded()).toLowerCase();
String syncKey = base32.replace('l', '8').replace('o', '9');
syncKey = syncKey.charAt(0)
+ "-" + syncKey.substring(1, 6)
+ "-" + syncKey.substring(6, 11)
+ "-" + syncKey.substring(11, 16)
+ "-" + syncKey.substring(16, 21)
+ "-" + syncKey.substring(21, 26);
Log.d(LOG_TAG, "upgraded passphrase to syncKey \"" + syncKey + "\"");
return syncKey;
}