Closed
Bug 1227429
Opened 8 years ago
Closed 8 years ago
Request kB generation if needed
Categories
(Firefox OS Graveyard :: Sync, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mbdejong, Unassigned)
References
Details
The SyncManager should tell the Sync app if it needs to generate keys, and if so, upload kA, kB to the onepw server afterwards.
Reporter | ||
Comment 1•8 years ago
|
||
In bug 1227084 I'm drafting the code to check if `generateKeys` is set in the IAC request options [1], and if so, return an IAC response [2] that looks like this: { id: ..., error: ..., response: { kA: 'Base64String', kB: 'Base64String' } } So when an FxA account exists, but no kA, kB is available for it, the SyncManager should ask the Sync app to generate them in the first request. To do this: * leave out `kB` in the request options * add a `generateKeys: true` option * get IACResponse.response.kA and IACResponse.response.kB and upload them to the onepw server Do you think this could work? [1] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L57-L58 [2] https://github.com/michielbdejong/gaia/blob/8abbe61b283ec584022d09eb4fd97a9b6644baba/apps/sync/js/bootstrap.js#L120
Flags: needinfo?(ferjmoreno)
Reporter | ||
Updated•8 years ago
|
Comment 2•8 years ago
|
||
Replied through IRC: 18:08:55] <~ferjm> I believe kA and kB are already generated by the onepw server, so we don't need to generate and upload them again [18:09:29] <~ferjm> in fact, there's no way to do that https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md [18:09:47] <@michielbdejong> ah :) [18:10:05] <@michielbdejong> It's weird though that they are generated server-side, right? [18:10:58] <@michielbdejong> Although I guess the unwrapped kB only exists in memory for a short time, so it's probably pretty safe [18:11:22] <~ferjm> you did the crypto part, but IIRC there were two set of keys: kA/kB which are stored in FxA server, and the sync crypto keys, which are stored in the sync server (crypto/keys) encrypted with kB [18:11:44] <@michielbdejong> yes [18:11:48] <~ferjm> IIUC what we need to generate here are the sync crypto keys only [18:11:57] <~ferjm> use kB to encrypt them [18:12:06] <~ferjm> and upload them to crypto/keys [18:12:06] <@michielbdejong> ok, so that simplifies things. Then we don't need to change the IAC call. [18:12:28] <~ferjm> no, I think all can happen inside the Sync app :)
Flags: needinfo?(ferjmoreno)
Reporter | ||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•