Confirm
471
edits
Changes
m
session key. It uses this session key to decrypt a bundle of encrypted data from the keyserver, resulting in three values: kA, wrap(kB), and the sessionToken. The stretchedPW is also used to derive the key that will decrypt wrap(kB) into the actual kB value.
→Login: Obtaining the authToken
This protocol starts by using key-stretching to transform the email+password into a "stretchedPW", then feeds this into an SRP protocol to get the authToken.
[[File:PICL-IdPAuth-auth-start.png|IdP Auth Protocol]]
