Key backup - Githubissues

user stories:

start app on a new device, enter password and load keys from server (being authed with mID/card)
when approving a new key, also back it up on server (check password matches first)
on another app check for new keys on the server and sync
change password

Things on server side

Authentication - create a session authentiation with spring-session or spring-security or ...
GET /challenge?idCode=38008020211 [protected with ID card / mobileID ] returns
```
{
plaintext: kfhdfJHnSHoHdhfrerrw098Hsda, // 32 bytes in base64 
id: 38008020211,
active: false
}
```
If the challenge hasn't yet been set then return false for active value.

2.1. POST /challenge?idCode=38008020211 tests a plaintext andencypted` pair

{
   plaintext: kfhdfJHnSHoHdhfrerrw098Hsda, // 32 bytes in base64 
   encrypted: mmdfs349)3jdskl44Nka98gj68klnbfde4VRer, // AES enc in base64
}

returns

{
   plaintext: kfhdfJHnSHoHdhfrerrw098Hsda, // 32 bytes in base64 
   encrypted: mmdfs349)3jdskl44Nka98gj68klnbfde4VRer, // AES enc in base64
   id: 38008020211
}

If the cryptogram is incorrect return 401.

PUT /challenge?idCode=38008020211

{
plaintext: kfhdfJHnSHoHdhfrerrw098Hsda, // 32 bytes in base64 
encrypted: mmdfs349)3jdskl44Nka98gj68klnbfde4VRer, // AES enc in base64
newEncrypted: Am6ds249)3jdskl44Nka98gj68klnbfde4VRer, // AES enc in base64
id: 38008020211
}

Changes encrypted value (equivalent of changing password). Doesn't do anything to the keys - so the client would have to resync the keys with the new password.

POST /keys takes encrypted challenge and new keys

{
encrypted: mmdfs349)3jdskl44Nka98gj68klnbfde4VRer, // AES enc in base64  
keys: [
  {
      address: 0xbc12312... 
      key: IYSksjdsasd8ds9DS... // AES enc key 
  }, 
  ...
]
}

returns encrypted keys for that challenge, including new ones

{
   keys: [
      {
          address: 0xbc12312... 
          key: IYSksjdsasd8ds9DS... // AES enc key 
      }, 
      ...
   ]
}

cryptofiat / account-identity

Key backup #15