From cf358e8d9414bd36e05b7c14ba76a3b87876da35 Mon Sep 17 00:00:00 2001 From: Tobias Kaminsky Date: Wed, 20 Dec 2017 13:22:39 +0100 Subject: [PATCH] Clarify mnemonic Whitespaces only for convenient reasons, storing & using w/o. --- RFC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RFC.md b/RFC.md index 0862820..d0e5960 100644 --- a/RFC.md +++ b/RFC.md @@ -153,7 +153,7 @@ In a second step, the private key will be stored encrypted on the server to simp 1. Client generates a 12 word long mnemonic from the english BIP-0039 word list. The word list contains 2048 words, thus resulting in 2048^12 possible key combinations. 2. Client encrypts the private key using AES/GCM/NoPadding as cipher (256 bit key size) and uses PBKDF2WithHmacSHA1 as key derivation, as password the in step 1 generated mnemonic is used. 3. Client uploads the encrypted X.509 private key to the server by sending the encrypted private key URL encoded as parameter `privateKey` to `/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key`. -4. The mnemonic is displayed to the user and the user is asked to store a copy in a secure place. +4. The mnemonic is displayed to the user and the user is asked to store a copy in a secure place. For convenient reasons the mnemonic can be displayed with whitespaces, but should be stored and used as one concatenated string. 5. The mnemonic is stored in the keychain of the device. In case a user loses their device they can easily recover by using the mnemonic passphrase. The mnemonic passphrase can also be shown in the client settings in case the user forgets their mnemonic. Displaying the mnemonic requires the user to enter their PIN/fingerprint again on mobile devices.
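Review bot: The added sentence in step 4 leaves the exact PBKDF2 password input underspecified, and in this step the password input is what decides whether the private key can ever be decrypted again. "should be stored and used as one concatenated string" does not say whether the string the client passes to PBKDF2WithHmacSHA1 in step 2 is the twelve words joined with no separator, whether it is lowercase, or what the recovery client does with a mnemonic the user types back with spaces or line breaks; any difference in separators, case or trailing whitespace derives a different key, so a client that normalizes differently from the one that encrypted will fail to recover the private key with a bare GCM tag mismatch and no hint why. It also diverges from BIP-0039 itself, which defines the mnemonic as space-separated NFKD-normalized words, so a reader who knows the standard may assume the opposite of what this step intends. Suggest replacing the new sentence with a normative statement that fixes all three points, for example: "The mnemonic MAY be displayed with whitespace between words for readability. The value used as the PBKDF2 password in step 2 and stored in the keychain in step 5 MUST be the twelve lowercase words concatenated without any separator; clients MUST strip all whitespace from user-entered mnemonics before key derivation." "For convenient reasons" should also read "For convenience".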