In the first round, the client called getsalt to retrieve a salt and a login_session token. In this, the second round of the protocol, the client computes

The password hash is a function of the UTF-8 password, and the binary encoding of the salt (which was returned in hex from the server).

PassphraseStream = scrypt(passphrase, unhex(salt), N=2^15, r=8, p=1, dkLen=256)

The first 192 bytes of output are used for secret-key encryption elsewhere in the

Used to authenticate the user during login:

At first, let's cover version 5 of the protocol, and then we'll

Passphrase stream (v5 above) is interpreted as an EdDSA private key.

Secret key by making a signature that the server can verify. The client should sign a JSON blob of the form:

"session": "lgG5dGhlbWF4KzhkY2FhNjc4QGdtYWlsLmNvbc5YBShhzQlgwMQgtABibipP7sQIpLv/hO+akJ5mdrD64QkuhY08VdLwtW0="

nonce: a random 16-byte nonce generated by the client that, once accepted, cannot be replayed.
session: returned from getsalt in the previous stage of the login flow.
kid: the key ID of the public key that will verify this signature.
username: the username that is trying to log in. If the login is done via email, this field will be absent and an email field will be present with the intended email address.
ctime: the UTC time when this signature was generated.
expire_in: how long this signature is good for; after it expires, it will not be admissible for login.

The client then computes the EdDSA signature of this JSON blob (stringified with minimal white space), and packages the result as a Keybase-style signature. The result is posted to the server as the pdpka5 parameter (note that "PDPKA" stands for Passphrase-Derived Public Key Authentication).

As for the slight complication we hinted at above, clients should log in with both Version 4 and Version 5 of the protocol at the same time.

Parameters: pdpka5, pdpka4

"BAD_LOGIN_PASSWORD" "BAD_LOGIN_USER_NOT_FOUND"
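The replay and expiry rules from the field list above, as an added example that is not part of the original page or Keybase's own code: the client builds the blob with minimal white space, and a server-side check enforces the nonce, session, ctime and expire_in rules. The flat field layout, the function names, MAX_SKEW and the sample values are assumptions, and the EdDSA signature is assumed to have been verified before the check runs.

```python
import json
import secrets
import time

MAX_SKEW = 300  # assumed tolerance, in seconds, for client clocks running ahead


def build_auth_blob(username, kid, session, expire_in, now=None):
    """Client side: the bytes to sign, stringified with minimal white space."""
    blob = {
        "nonce": secrets.token_hex(16),  # random 16-byte nonce, hex encoded
        "session": session,              # token returned by getsalt
        "kid": kid,
        "username": username,
        "ctime": int(now if now is not None else time.time()),
        "expire_in": expire_in,
    }
    # Flat layout is an assumption; separators drop the default ", " and ": ".
    return json.dumps(blob, separators=(",", ":")).encode()


def check_auth_blob(raw, issued_sessions, seen_nonces, now=None):
    """Server side, after the signature over `raw` has verified. Returns (ok, reason)."""
    now = int(now if now is not None else time.time())
    try:
        p = json.loads(raw)
        nonce = bytes.fromhex(p["nonce"])
        ctime, expire_in = int(p["ctime"]), int(p["expire_in"])
        session = p["session"]
    except (KeyError, ValueError, TypeError):
        return False, "malformed"
    if len(nonce) != 16:
        return False, "bad nonce length"
    if not isinstance(session, str) or session not in issued_sessions:
        return False, "unknown session"
    if ctime > now + MAX_SKEW:
        return False, "ctime in the future"
    if now >= ctime + expire_in:
        return False, "expired"
    if nonce in seen_nonces:
        return False, "replayed nonce"
    # Record the nonce only after every other check passes, and keep it at
    # least until ctime + expire_in so the same blob cannot be accepted twice.
    seen_nonces.add(nonce)
    return True, "ok"
```
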