mirror of https://github.com/restic/restic.git
doc/design: fix keys.data MAC format description
"not including the last 32 byte" was wrong, should have been 16 bytes. But the whole description is redundant anyway.
This commit is contained in:
Filippo Valsorda
GitHub
parent
22e96a37f8
commit
3dccca1f27
|
|
@ -315,13 +315,12 @@ divided into a 16 byte AES key ``k`` followed by 16 bytes of secret key
|
||||||
``r``. The key ``r`` is then masked for use with Poly1305 (see the paper
|
``r``. The key ``r`` is then masked for use with Poly1305 (see the paper
|
||||||
for details).
|
for details).
|
||||||
|
|
||||||
Those message authentication keys (``k`` and ``r``) are used to compute
|
Those keys are used to authenticate and decrypt the bytes contained in
|
||||||
a MAC over the bytes contained in the JSON field ``data`` (after
|
the JSON field ``data`` with AES-256 and Poly1305-AES as if they were
|
||||||
removing the Base64 encoding and not including the last 32 byte). If the
|
any other blob (after removing the Base64 encoding). If the
|
||||||
password is incorrect or the key file has been tampered with, the
|
password is incorrect or the key file has been tampered with, the
|
||||||
computed MAC will not match the last 16 bytes of the data, and restic
|
computed MAC will not match the last 16 bytes of the data, and restic
|
||||||
exits with an error. Otherwise, the data is decrypted with the
|
exits with an error. Otherwise, the data yields a JSON document
|
||||||
encryption key derived from ``scrypt``. This yields a JSON document
|
|
||||||
which contains the master encryption and message authentication keys for
|
which contains the master encryption and message authentication keys for
|
||||||
this repository (encoded in Base64). The command
|
this repository (encoded in Base64). The command
|
||||||
``restic cat masterkey`` can be used as follows to decrypt and
|
``restic cat masterkey`` can be used as follows to decrypt and
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue