Hello Gabriel,

*About the X-Client-State*

We implemented a Python client that does it. It starts from there: https://github.com/mozilla/PyFxA/blob/master/fxa/plugins/requests.py#L34-L91
And then you have the client_state generation code here: https://github.com/mozilla/PyFxA/blob/master/fxa/tools/browserid.py#L24

*About the usage of kA and kB*

We implemented the decryption code for Firefox OS using kB, you can see the code here: https://github.com/mozilla-b2g/gaia/blob/master/shared/js/sync/crypto/fxsyncwebcrypto.js
There is also the Sync client in Gecko/Firefox for Android and Firefox for iOS that you can use as a reference.

*kA* is set once per Firefox Account user.
*wrapkB* changes each time the user resets their password and needs to be derived with the user password. (You can see how here: https://github.com/mozilla/PyFxA/blob/master/fxa/core.py#L124-L131)

Hope this helps,
Rémy

On 20/07/2016 at 13:31, Gabriel Ivașcu wrote:
> Hi,
>
> I have two questions regarding the Sync protocol:
>
> 1) It is mentioned at
>
> https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol#-fetching-sync-keys
>
> that ""kA" and "kB" enable the browser to encrypt/decrypt synchronized
> data records. They will be used to derive separate encryption and HMAC
> keys for each data collection (bookmarks, form-fill data,
> saved-password, open-tabs, etc)".
>
> This seems pretty vague though. Can anyone explain (or point me to
> some documentation) how exactly are the kA and kB keys used to
> encrypt/decrypt the synchronized data records?
>
> I've looked at https://docs.services.mozilla.com/storage/apis-1.5.html
> but it doesn't provide any info about the actual crypto process.
>
> 2) It is mentioned at
>
> https://moz-services-docs.readthedocs.io/en/latest/token/apis.html#request-headers
>
> that the X-Client-State request header "may be up to 32 characters
> long" and "clients accessing SyncStorage API v1.5 would include a
> hex-encoded hash of the encryption key in this header, since a change
> in the encryption key will make any existing data unreadable".
>
> What is the encryption key mentioned above? Is it kA, or kB, or the
> "key" field in the JSON retrieved from the Token Server, or none of
> these at all? I assume it can't be the key from the Token Server
> though, since this is not constant.
>
> Also, what is the hash function that Firefox uses to encode the key? I
> assume it must be a 128 bit hash function (MD5 maybe?) since the hex
> encoded hash must fit in 32 characters.
>
> Thank you,
> Gabriel
> _______________________________________________
> Sync-dev mailing list
> Sync-dev@mozilla.org
> https://mail.mozilla.org/listinfo/sync-dev
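The two pieces of the thread that the linked PyFxA code covers, unwrapping kB from wrapkB with a password-derived key and turning kB into the 32-character X-Client-State value, as an added worked example. This is not PyFxA's code or anything from the mailing list; it is written from my reading of the onepw protocol, and the salt/info strings, the PBKDF2 round count and the "first 16 bytes of SHA-256 of kB, hex-encoded" rule for the client state are assumptions here that should be verified against the PyFxA sources Rémy links before being relied on. The email, password and wrapkB values are constructed for the demo.

```python
import hashlib
import hmac
import re

# Constants as I understand them from the FxA onepw protocol.
# ASSUMPTION: verify each against fxa/core.py and fxa/tools/browserid.py in PyFxA.
QUICK_STRETCH_SALT_PREFIX = b"identity.mozilla.com/picl/v1/quickStretch:"
UNWRAP_BKEY_INFO = b"identity.mozilla.com/picl/v1/unwrapBkey"
PBKDF2_ROUNDS = 1000
KEY_LEN = 32  # kB, wrapkB and unwrapBKey are all 32-byte values


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract + expand) over HMAC-SHA256."""
    if not salt:
        salt = b"\x00" * hashlib.sha256().digest_size
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def quick_stretch(email: str, password: str) -> bytes:
    """Client-side 'quick stretch' of the password: PBKDF2-HMAC-SHA256, email-bound salt."""
    salt = QUICK_STRETCH_SALT_PREFIX + email.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, KEY_LEN)


def derive_unwrap_bkey(email: str, password: str) -> bytes:
    """unwrapBKey = HKDF(quickStretchedPW, salt='', info=UNWRAP_BKEY_INFO)."""
    return hkdf_sha256(quick_stretch(email, password), b"", UNWRAP_BKEY_INFO, KEY_LEN)


def unwrap_kb(wrap_kb: bytes, unwrap_bkey: bytes) -> bytes:
    """kB = wrapkB XOR unwrapBKey. Because XOR is its own inverse the same
    function also wraps kB; a password change yields a new unwrapBKey and
    therefore a new wrapkB while kB itself is unchanged."""
    if len(wrap_kb) != KEY_LEN or len(unwrap_bkey) != KEY_LEN:
        raise ValueError("wrapkB and unwrapBKey must both be %d bytes" % KEY_LEN)
    return bytes(a ^ b for a, b in zip(wrap_kb, unwrap_bkey))


def client_state(kb: bytes) -> str:
    """X-Client-State: hex of the first 16 bytes of SHA-256(kB) -> 32 hex chars.
    ASSUMPTION about the exact rule; see the PyFxA link in the thread."""
    if len(kb) != KEY_LEN:
        raise ValueError("kB must be %d bytes" % KEY_LEN)
    return hashlib.sha256(kb).digest()[:16].hex()


def is_valid_client_state(value: str) -> bool:
    """Server-side sanity check matching the documented header format."""
    return re.fullmatch(r"[0-9a-f]{32}", value) is not None


def demo() -> dict:
    # Constructed sample inputs; not real account material.
    email, password = "user@example.com", "correct horse battery staple"
    wrap_kb = bytes(range(KEY_LEN))
    unwrap_bkey = derive_unwrap_bkey(email, password)
    kb = unwrap_kb(wrap_kb, unwrap_bkey)
    return {"kB": kb.hex(), "X-Client-State": client_state(kb)}


if __name__ == "__main__":
    for name, value in demo().items():
        print("%s: %s" % (name, value))
```

A password reset changes unwrapBKey and hence wrapkB, but not kB, so the client state only changes when kB itself is regenerated (which is exactly the "existing data unreadable" case the Token Server docs describe); a storage server can therefore use a changed X-Client-State as the signal that the user's encrypted collections must be discarded.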