Closed marcusklaas closed 9 years ago
Let's use RSA-PSS (http://www.w3.org/TR/WebCryptoAPI/#rsa-pss) to sign the whole thing. We can store the public key on the server side. Verify before accepting update. Client can probably derive public and private key from a hash (SHA1?) of password.
We can use the version for our iv, too!
Not implemented exactly as outlined above (we use HMAC instead of asymmetric crypto), but we have authentication nonetheless. Using version-based IV as well.
Keep an unencrypted version number. Do encrypt-then-MAC. Maybe our package should look something like this before the MAC:
The server update rules then become very simple:
update iff macChecksOut() && version = previousVersion + 1
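One way to implement the scheme described in this thread (unencrypted version header, version used as the IV, encrypt-then-MAC with HMAC, and the server rule `update iff macChecksOut() && version = previousVersion + 1`), as an added example that is not the project's own code. It assumes constructed test keys rather than keys derived from the password, and, because the Python standard library has no AES, uses an HMAC-SHA256 counter-mode keystream as a stand-in for the cipher.

```python
import hmac
import hashlib
import struct

# Constructed test keys for the demo (assumption: in the real scheme these would
# come from the user's password via a KDF; separate keys for encryption and MAC).
ENC_KEY = b"constructed-enc-key-for-demo"
MAC_KEY = b"constructed-mac-key-for-demo"
TAG_LEN = 32  # HMAC-SHA256 output


def keystream(key, version, length):
    """Stand-in stream cipher: HMAC-SHA256 as a PRF in counter mode.
    The version number acts as the IV/nonce, so it must never repeat under one key;
    the server's version == previous + 1 rule is what guarantees that."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", version, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pack(version, plaintext, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Client side: version (plain) || ciphertext || HMAC over (version || ciphertext)."""
    header = struct.pack(">Q", version)
    ct = xor(plaintext, keystream(enc_key, version, len(plaintext)))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return header + ct + tag


def mac_checks_out(package, mac_key=MAC_KEY):
    if len(package) < 8 + TAG_LEN:
        return False
    body, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def server_accept(package, previous_version, mac_key=MAC_KEY):
    """Server side: the server never decrypts; it only checks the MAC and the version step."""
    if not mac_checks_out(package, mac_key):
        return False
    version = struct.unpack(">Q", package[:8])[0]
    return version == previous_version + 1


def client_open(package, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Client side: verify the MAC first, then decrypt using the header version as IV."""
    if not mac_checks_out(package, mac_key):
        raise ValueError("MAC verification failed")
    version = struct.unpack(">Q", package[:8])[0]
    ct = package[8:-TAG_LEN]
    return version, xor(ct, keystream(enc_key, version, len(ct)))
```

Because the plaintext version header is covered by the MAC, a package whose header has been rewritten to a different version fails `mac_checks_out()`, and a re-sent package with a stale version fails the `previousVersion + 1` rule.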