Crypto
- AES128 in Cipher Block Chaining mode: this cipher is used to encrypt and decrypt passwords and communications.
- HMAC-SHA256: this HMAC is used to authenticate the sender and to calculate the security token.
There are three 128-bit keys in total involved in the cryptographic design:
- The password Key
- The Challenge-Response Key
- The Communication key
They are generated by the token using the Entropy library (see Entropy), and exchanged during pairing. They are printed on screen during pairing as a QRCode. This QRCode is the only backup you will have of these keys.
The Password Key is used to encrypt and decrypt passwords (specific to this use-case). This key only exists in the Trustline-token and in the QRCode generated during pairing.
The Challenge-Response Key is used to resolve the cryptographic challenge that authenticates the sender. It is also used as a countermeasure against replay attacks via the security token (nonce + hmac).
The Communication Key is used to encrypt cleartext sent over Bluetooth. For example, when you want to copy your password to the clipboard or print it to the screen, the encrypted password is sent to the token, decrypted using passwordKey, and re-encrypted using the CommunicationKey before being sent back to the phone over Bluetooth.
This key is shared by Trustline-Token and the App during pairing.
Data/Storage Loc | Token | QRcode | App | iCloud |
---|---|---|---|---|
PassKey | yes | yes | no | no |
CRKey | yes | yes | yes | no |
ComKey | yes | yes | yes | no |
When the sender wants to perform an authenticated command, it first asks the token for a challenge (nonce).
Trustline-token then generates a 64-bit random nonce (all random values are generated using the Entropy library) and sends it to the App.
Once the nonce is received, the Challenge-Response Key (CRKey) shared during pairing is used to compute the following 32-bit value: SecurityToken = HMAC_SHA256(CRKey, nonce | command).
The security token is prepended to the command (the same command that was used to calculate the security token).
Upon reception of the Security Token + Command, the token performs the same computation with its CRKey and saved nonce: ValidSecurityToken = HMAC_SHA256(CRKey, nonce | command)
If the SecurityToken sent by the App and the ValidSecurityToken computed by the token match, the command is authenticated.
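
The challenge-response exchange above, sketched with both sides, as an added example that is not Trustline's own code. It assumes that `|` means byte concatenation, that the full HMAC-SHA256 digest is sent, and that the token discards its saved nonce after one verification; the class, function and command names are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # assumption: full digest, no truncation


def security_token(cr_key: bytes, nonce: bytes, command: bytes) -> bytes:
    # SecurityToken = HMAC_SHA256(CRKey, nonce | command); "|" taken as concatenation.
    return hmac.new(cr_key, nonce + command, hashlib.sha256).digest()


class Token:
    """Token side: issues a nonce, then verifies one command against it."""

    def __init__(self, cr_key: bytes):
        self._cr_key = cr_key
        self._nonce = None  # saved nonce of the pending challenge

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(8)  # 64-bit random nonce
        return self._nonce

    def verify(self, message: bytes) -> bool:
        # Assumption: the nonce is consumed here, so one nonce covers one command.
        nonce, self._nonce = self._nonce, None
        if nonce is None or len(message) <= TAG_LEN:
            return False
        tag, command = message[:TAG_LEN], message[TAG_LEN:]
        valid = security_token(self._cr_key, nonce, command)
        return hmac.compare_digest(tag, valid)  # constant-time comparison


def app_send(cr_key: bytes, nonce: bytes, command: bytes) -> bytes:
    # App side: the security token is prepended to the command.
    return security_token(cr_key, nonce, command) + command


def demo() -> dict:
    cr_key = secrets.token_bytes(16)  # constructed 128-bit CRKey for the demo
    token = Token(cr_key)
    msg = app_send(cr_key, token.challenge(), b"GET_PASSWORD")  # hypothetical command
    results = {"fresh": token.verify(msg)}
    results["replayed"] = token.verify(msg)     # nonce already consumed
    token.challenge()
    results["stale_nonce"] = token.verify(msg)  # tag is bound to the old nonce
    bad = app_send(secrets.token_bytes(16), token.challenge(), b"GET_PASSWORD")
    results["wrong_key"] = token.verify(bad)    # sender without the paired CRKey
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first message verifies: a captured Security Token + Command fails when replayed because its tag covers a nonce the token no longer holds.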