Closed
Bug 1227429
Opened 10 years ago
Closed 10 years ago
Request kB generation if needed
Categories
(Firefox OS Graveyard :: Sync, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mbdejong, Unassigned)
References
Details
The SyncManager should tell the Sync app if it needs to generate keys, and if so, upload kA, kB to the onepw server afterwards.
Reporter | ||
Comment 1•10 years ago
|
||
In bug 1227084 I'm drafting the code to check if `generateKeys` is set in the IAC request options [1], and if so, return an IAC response [2] that looks like this:
{
id: ...,
error: ...,
response: {
kA: 'Base64String',
kB: 'Base64String'
}
}
So when an FxA account exists, but no kA, kB is available for it, the SyncManager should ask the Sync app to generate them in the first request. To do this:
* leave out `kB` in the request options
* add a `generateKeys: true` option
* get IACResponse.response.kA and IACResponse.response.kB and upload them to the onepw server
Do you think this could work?
[1] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L57-L58
[2] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L120
Flags: needinfo?(ferjmoreno)
Reporter | ||
Updated•10 years ago
|
Comment 2•10 years ago
|
||
Replied through IRC:
18:08:55] <~ferjm> I believe kA and kB are already generated by the onepw server, so we don't need to generate and upload them again
[18:09:29] <~ferjm> in fact, there's no way to do that https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md
[18:09:47] <@michielbdejong> ah :)
[18:10:05] <@michielbdejong> It's weird though that they are generated server-side, right?
[18:10:58] <@michielbdejong> Although I guess the unwrapped kB only exists in memory for a short time, so it's probably pretty safe
[18:11:22] <~ferjm> you did the crypto part, but IIRC there were two set of keys: kA/kB which are stored in FxA server, and the sync crypto keys, which are stored in the sync server (crypto/keys) encrypted with kB
[18:11:44] <@michielbdejong> yes
[18:11:48] <~ferjm> IIUC what we need to generate here are the sync crypto keys only
[18:11:57] <~ferjm> use kB to encrypt them
[18:12:06] <~ferjm> and upload them to crypto/keys
[18:12:06] <@michielbdejong> ok, so that simplifies things. Then we don't need to change the IAC call.
[18:12:28] <~ferjm> no, I think all can happen inside the Sync app :)
Flags: needinfo?(ferjmoreno)
Reporter | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•