Hi, I have two questions regarding the Sync protocol:

1) It is mentioned at https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol#-fetching-sync-keys that '"kA" and "kB" enable the browser to encrypt/decrypt synchronized data records. They will be used to derive separate encryption and HMAC keys for each data collection (bookmarks, form-fill data, saved-password, open-tabs, etc)'. This seems pretty vague though. Can anyone explain (or point me to some documentation) how exactly the kA and kB keys are used to encrypt/decrypt the synchronized data records? I've looked at https://docs.services.mozilla.com/storage/apis-1.5.html but it doesn't provide any info about the actual crypto process.

2) It is mentioned at https://moz-services-docs.readthedocs.io/en/latest/token/apis.html#request-headers that the X-Client-State request header "may be up to 32 characters long" and "clients accessing SyncStorage API v1.5 would include a hex-encoded hash of the encryption key in this header, since a change in the encryption key will make any existing data unreadable". What is the encryption key mentioned above? Is it kA, or kB, or the "key" field in the JSON retrieved from the Token Server, or none of these at all? I assume it can't be the key from the Token Server though, since this is not constant. Also, what is the hash function that Firefox uses to encode the key? I assume it must be a 128-bit hash function (MD5 maybe?) since the hex-encoded hash must fit in 32 characters.

Thank you,
Gabriel

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev

