List of used keys
Roman Strobl edited this page Feb 28, 2019 · 6 revisions
PowerAuth Cryptography documentation has been moved to: https://developers.wultra.com/docs/latest/powerauth-crypto/List-of-Used-Keys
Please use the new developer portal to access documentation.
The following keys are used in the PowerAuth 2.0 cryptography scheme.
| name | created as | purpose |
|---|---|---|
| KEY_DEVICE_PRIVATE | ECDH - private key | Generated on client to allow construction of KEY_MASTER_SECRET |
| KEY_DEVICE_PUBLIC | ECDH - public key | Generated on client to allow construction of KEY_MASTER_SECRET |
| KEY_SERVER_PRIVATE | ECDH - private key | Generated on server to allow construction of KEY_MASTER_SECRET |
| KEY_SERVER_PUBLIC | ECDH - public key | Generated on server to allow construction of KEY_MASTER_SECRET |
| KEY_SERVER_MASTER_PRIVATE | ECDH - private key | Stored on server, used to assure authenticity of KEY_DEVICE_PUBLIC while transferring from server to client |
| KEY_SERVER_MASTER_PUBLIC | ECDH - public key | Stored on client, used to assure authenticity of KEY_DEVICE_PUBLIC while transferring from server to client |
| ACTIVATION_OTP | Random OTP | A 16b random OTP generated during activation, AES encrypts/decrypts data sent from server to client and vice versa |
| KEY_MASTER_SECRET | ECDH - pre-shared | A key deduced using ECDH derivation, KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC) |
| KEY_SIGNATURE_POSSESSION | KDF derived key from KEY_MASTER_SECRET | A signing key associated with the possession factor, deduced using KDF derivation with INDEX = 1, KEY_SIGNATURE_POSSESSION = KDF.expand(KEY_MASTER_SECRET, INDEX), used for subsequent request signing |
| KEY_SIGNATURE_KNOWLEDGE | KDF derived key from KEY_MASTER_SECRET | A key associated with the knowledge factor, deduced using KDF derivation with INDEX = 2, KEY_SIGNATURE_KNOWLEDGE = KDF.expand(KEY_MASTER_SECRET, INDEX), used for subsequent request signing |
| KEY_SIGNATURE_BIOMETRY | KDF derived key from KEY_MASTER_SECRET | A key associated with the biometry factor, deduced using KDF derivation with INDEX = 3, KEY_SIGNATURE_BIOMETRY = KDF.derive(KEY_MASTER_SECRET, INDEX), used for subsequent request signing |
| KEY_TRANSPORT | KDF derived key from KEY_MASTER_SECRET | A key deduced using KDF derivation with INDEX = 1000, KEY_TRANSPORT = KDF.expand(KEY_MASTER_SECRET, INDEX), used for encrypted data transport. This key is used as the master transport key for end-to-end encryption key derivation. |
| KEY_TRANSPORT_PARTIAL | KDF derived key from KEY_TRANSPORT using a random 16B long SESSION_INDEX as index | A base key used for encrypted transport key derivation, deduced using KDF_INTERNAL derivation with INDEX = SESSION_INDEX = Generator.randomBytes(16), KEY_TRANSPORT_PARTIAL = KDF_INTERNAL.derive(KEY_TRANSPORT, INDEX) |
| KEY_TRANSPORT_ENCRYPTION | KDF derived key from KEY_TRANSPORT_PARTIAL using a random 16B long AD_HOC_INDEX as index | A key used for encryption of particular data, deduced using KDF_INTERNAL derivation with INDEX = AD_HOC_INDEX = Generator.randomBytes(16), KEY_TRANSPORT_ENCRYPTION = KDF_INTERNAL.derive(KEY_TRANSPORT_PARTIAL, INDEX) |
| KEY_ENCRYPTION_VAULT | KDF derived key from KEY_MASTER_SECRET | A key deduced using KDF derivation with INDEX = 2000, KEY_ENCRYPTION_VAULT = KDF.expand(KEY_MASTER_SECRET, 2000), used for encrypting a vault that stores the secret data, such as KEY_DEVICE_PRIVATE. |
| KEY_ENCRYPTION_VAULT_TRANSPORT | KDF derived key from KEY_TRANSPORT using CTR as index | A one-time key used for encrypted transport of the key vault encryption key, deduced using KDF derivation with INDEX = CTR, KEY_ENCRYPTION_VAULT_TRANSPORT = KDF.derive(KEY_TRANSPORT, INDEX) |
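The table above describes a key tree: one ECDH-derived KEY_MASTER_SECRET fans out through fixed indices (1, 2, 3, 1000, 2000) into the signature, transport and vault keys, and KEY_TRANSPORT is further expanded with random per-session and per-message indices or with the counter CTR. The following Python example, added here and not part of the PowerAuth project or its SDKs, walks through that tree end to end. It assumes a constructed 16-byte master secret in place of the ECDH.phase(...) output, and it assumes a placeholder KDF (HMAC-SHA256 over the 16-byte index, truncated to 16 bytes) in place of the real KDF and KDF_INTERNAL constructions, which are specified in the Key Derivation chapter. The function names (`kdf_expand`, `kdf_derive`, `derive_static_keys`, `derive_transport_encryption`, `derive_vault_transport_key`) are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KEY_LEN = 16  # the derived keys in the table are 16-byte symmetric keys

# Index constants as given in the table on this page
INDEX_SIGNATURE_POSSESSION = 1
INDEX_SIGNATURE_KNOWLEDGE = 2
INDEX_SIGNATURE_BIOMETRY = 3
INDEX_TRANSPORT = 1000
INDEX_ENCRYPTION_VAULT = 2000


def kdf_derive(key: bytes, index: bytes) -> bytes:
    """Stand-in for KDF.expand / KDF_INTERNAL.derive with a 16-byte index.

    ASSUMPTION: plain HMAC-SHA256 over the index, truncated to 16 bytes.
    This is NOT the PowerAuth KDF construction; it only shares its shape
    (16-byte key in, 16-byte index in, 16-byte key out) so the tree can be shown.
    """
    if len(key) != KEY_LEN or len(index) != KEY_LEN:
        raise ValueError("key and index must both be 16 bytes")
    return hmac.new(key, index, hashlib.sha256).digest()[:KEY_LEN]


def kdf_expand(key: bytes, index: int) -> bytes:
    """KDF.expand(KEY, INDEX) for a numeric index (encoded as 16-byte big-endian)."""
    if index < 0:
        raise ValueError("index must be non-negative")
    return kdf_derive(key, index.to_bytes(KEY_LEN, "big"))


def derive_static_keys(key_master_secret: bytes) -> dict:
    """Fan KEY_MASTER_SECRET out into the long-lived keys of the table.

    Distinct indices give domain separation: each factor key, the transport
    key and the vault key are unrelated outputs of the same master secret.
    """
    return {
        "KEY_SIGNATURE_POSSESSION": kdf_expand(key_master_secret, INDEX_SIGNATURE_POSSESSION),
        "KEY_SIGNATURE_KNOWLEDGE": kdf_expand(key_master_secret, INDEX_SIGNATURE_KNOWLEDGE),
        "KEY_SIGNATURE_BIOMETRY": kdf_expand(key_master_secret, INDEX_SIGNATURE_BIOMETRY),
        "KEY_TRANSPORT": kdf_expand(key_master_secret, INDEX_TRANSPORT),
        "KEY_ENCRYPTION_VAULT": kdf_expand(key_master_secret, INDEX_ENCRYPTION_VAULT),
    }


def derive_transport_encryption(key_transport: bytes,
                                session_index: Optional[bytes] = None,
                                ad_hoc_index: Optional[bytes] = None):
    """KEY_TRANSPORT -> KEY_TRANSPORT_PARTIAL -> KEY_TRANSPORT_ENCRYPTION.

    The sender draws fresh random indices (Generator.randomBytes(16) in the
    table; secrets.token_bytes here) and transmits them alongside the data;
    the receiver passes the received indices back in to reach the same key.
    """
    if session_index is None:
        session_index = secrets.token_bytes(KEY_LEN)
    if ad_hoc_index is None:
        ad_hoc_index = secrets.token_bytes(KEY_LEN)
    key_transport_partial = kdf_derive(key_transport, session_index)
    key_transport_encryption = kdf_derive(key_transport_partial, ad_hoc_index)
    return session_index, ad_hoc_index, key_transport_encryption


def derive_vault_transport_key(key_transport: bytes, ctr: int) -> bytes:
    """One-time KEY_ENCRYPTION_VAULT_TRANSPORT, indexed by the counter CTR.

    Because CTR moves on with every use, two vault-unlock exchanges never
    share a transport key.
    """
    return kdf_expand(key_transport, ctr)


# Constructed master secret standing in for the ECDH.phase(...) output.
DEMO_KEY_MASTER_SECRET = bytes(range(KEY_LEN))

if __name__ == "__main__":
    keys = derive_static_keys(DEMO_KEY_MASTER_SECRET)
    for name, value in keys.items():
        print(f"{name:30s} {value.hex()}")
    si, ai, enc = derive_transport_encryption(keys["KEY_TRANSPORT"])
    print(f"{'KEY_TRANSPORT_ENCRYPTION':30s} {enc.hex()}  (SESSION_INDEX={si.hex()}, AD_HOC_INDEX={ai.hex()})")
    print(f"{'KEY_ENCRYPTION_VAULT_TRANSPORT':30s} {derive_vault_transport_key(keys['KEY_TRANSPORT'], 1).hex()}  (CTR=1)")
```

The design point the example makes visible is that only KEY_MASTER_SECRET and the index material need to be shared: the random SESSION_INDEX and AD_HOC_INDEX travel with the message and the counter CTR is tracked by both sides, so the receiver reproduces every transport key without any further key exchange, while a key derived under one index tells an observer nothing about the keys under the other indices.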
If you need any assistance, do not hesitate to drop us a line at [email protected].