Talk:Services/Sync/SimplifiedCrypto
From MozillaWiki
sync key representation
The sync key is represented to the user as:
X-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Deriving encryption and HMAC keys from the Sync Key
The HMAC used is an SHA-256 HMAC.
- Source code of Utils.makeHMACKey(). Sorry, it's a native method.
- What is the value of HMAC_INPUT?
  - source
  - It is the string "Sync-AES_256_CBC-HMAC256".
- What is enc + HMAC_INPUT + u + "\x02"? (enc is a byte array, the others are strings)
  - \x?? = "The Latin-1 character specified by the two hexadecimal digits dd between 00 and FF. ie, copyright symbol is \xA9."
  - \x01 = SOH = \u0001 in Unicode
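The byte-level concatenation asked about above, as an added example that is not from the wiki page or the Sync code base. It assumes two chained HMAC-SHA-256 blocks keyed with the raw sync key, the first over HMAC_INPUT + u + "\x01" and the second over enc + HMAC_INPUT + u + "\x02"; the function names, the sample key and the sample username are hypothetical.

```python
import hashlib
import hmac

HMAC_INPUT = "Sync-AES_256_CBC-HMAC256"  # value quoted on this page


def block_message(prev: bytes, username: str, counter: int) -> bytes:
    """Build prev + HMAC_INPUT + username + one counter byte, as raw bytes.

    prev is already a byte array (empty for the first block, the previous
    HMAC digest after that). The strings are encoded as Latin-1, so each
    character, including the trailing 0x01 or 0x02, becomes exactly one byte.
    """
    if not 0 < counter < 256:
        raise ValueError("counter must fit in one byte")
    text = HMAC_INPUT + username + chr(counter)
    # Raises UnicodeEncodeError if the username has characters above U+00FF.
    return prev + text.encode("latin-1")


def derive_keys(sync_key: bytes, username: str):
    """Return (encryption_key, hmac_key), 32 bytes each.

    Assumption: both blocks are HMAC-SHA-256 keyed with the raw sync key,
    and the second block is chained on the first block's digest.
    """
    enc = hmac.new(sync_key, block_message(b"", username, 1),
                   hashlib.sha256).digest()
    mac = hmac.new(sync_key, block_message(enc, username, 2),
                   hashlib.sha256).digest()
    return enc, mac


if __name__ == "__main__":
    key = bytes(range(16))                  # constructed 128-bit key, not a real one
    enc, mac = derive_keys(key, "johndoe")  # constructed username
    # Print only sizes; derived keys should never be written to output or logs.
    print(len(enc), len(mac), enc != mac)
```

The digest is concatenated as its 32 raw bytes, not as a hex or Base64 string; converting it to text first produces a different HMAC key and breaks interoperability.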
Upgrading existing Sync Keys to the new AES key
PBKDF2 iteration count is 4096, key length 128 bits.
Keep in mind that while everywhere else Base64 is used, this is Base32.
Example (Java):
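```java
import java.io.UnsupportedEncodingException;
import java.security.spec.KeySpec;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import android.util.Log;

// mSyncID, LOG_TAG and PBKDF2HmacSHA1Factory come from the surrounding project.

/**
 * See https://wiki.mozilla.org/Services/Sync/SimplifiedCrypto#Upgrading_existing_Sync_Keys_to_the_new_AES_key
 * for details on the algorithm.
 * @param aV3Passphrase
 * @return the v4 syncKey (serves the same purpose as the passphrase before)
 * @throws Exception see {@link #passwordToSymmetricKey(char[], byte[])}
 * @throws UnsupportedEncodingException should not happen (ASCII)
 */
public String upgradeV3PassphraseToV4SyncKey(final String aV3Passphrase) throws UnsupportedEncodingException, Exception {
    // The Sync ID is used as the PBKDF2 salt.
    String salt = mSyncID;
    // 4096 iterations, 128-bit output.
    KeySpec ks = new PBEKeySpec(aV3Passphrase.toCharArray(), salt.getBytes("ASCII"), 4096, 128);
    PBKDF2HmacSHA1Factory f = new PBKDF2HmacSHA1Factory();
    SecretKey s = f.engineGenerateSecret(ks);
    // Base32, not Base64. Lower-case with a fixed locale so that 'I' maps to 'i'
    // regardless of the device's default locale.
    String base32 = biz.wolschon.android.codec.binary.Base32.encode(s.getEncoded()).toLowerCase(Locale.US);
    // 'l' and 'o' are replaced by '8' and '9'.
    String syncKey = base32.replace('l', '8').replace('o', '9');
    // Group the first 26 characters as X-XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
    syncKey = syncKey.charAt(0) + "-"
            + syncKey.substring(1, 6) + "-"
            + syncKey.substring(6, 11) + "-"
            + syncKey.substring(11, 16) + "-"
            + syncKey.substring(16, 21) + "-"
            + syncKey.substring(21, 26);
    // Log the event only: the sync key is secret key material and must not reach the log.
    Log.d(LOG_TAG, "upgraded passphrase to syncKey");
    return syncKey;
}
```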