Add additional entropy to client-side generation of `storage_key` in arbitrary secrets

boltlabs-inc / key-mgmt-spec

Formal specification for the key management project

MIT License

3 stars 2 forks source link

Open indomitableSwan opened 1 year ago

indomitableSwan commented 1 year ago

Currently the client generates storage_key used for e2e encrypted storage of data using just their internal RNG.

Instead:

the server should choose a nonce and send this to the client
the client should use their RNG to pick a seed uniformly at random, and then use a KDF to derive storage_key from the server-chosen nonce and the client-chosen seed.

indomitableSwan commented 1 year ago

Recommendation: adjust naming of storage_key to emphasize that this is a key chosen client-side, e.g., client_storage_key.