Skip to content
Snippets Groups Projects
Commit 1008a2a5 authored by Éloïs's avatar Éloïs
Browse files

[DEWIF] add nonce

parent c069ef33
No related branches found
No related tags found
1 merge request!5Dewif
Show whitespace changes
Inline Side-by-side
rfc/0013_Duniter_Encrypted_Wallet_Import_Format.md
+ 29
16
View file @ 1008a2a5
...@@ -19,6 +19,11 @@ The purpose of this RFC is to define a standard, inter-operable and secure forma ...@@ -19,6 +19,11 @@ The purpose of this RFC is to define a standard, inter-operable and secure forma
This RFC does not define a file format, it is agnostic of the way the wallet is stored on the disk. This RFC does not define a file format, it is agnostic of the way the wallet is stored on the disk.
## conventions
* `||` means binary concanetanation.
* All string must be encoded in UTF-8 with [NFKD normalization].
## DUBP ## DUBP
[DUBP] only deals with public keys and signatures. [DUBP] only deals with public keys and signatures.
...@@ -59,9 +64,9 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco ...@@ -59,9 +64,9 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
### Version 1 ### Version 1
| log N | Algorithm | Encrypted data | | log N | Algorithm | Nonce | Encrypted data |
|:---------:|:-----------:|:---------------:| |:---------:|:-----------:|:--------:|:----------------:|
| 1 byte | 1 byte | Any bytes | | 1 byte | 1 byte | 12 bytes | Any bytes |
#### Algorithm #### Algorithm
...@@ -73,6 +78,11 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco ...@@ -73,6 +78,11 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
*\* Future algorithms can be added to DEWIF v1.* *\* Future algorithms can be added to DEWIF v1.*
#### Nonce
The nonce is used to vary the encryption key (see next section).
It must be randomly generated at the creation of the DEWIF.
#### Encrypted data #### Encrypted data
**Symmetric encryption algorithm:** [XOR cipher] **Symmetric encryption algorithm:** [XOR cipher]
...@@ -82,9 +92,9 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco ...@@ -82,9 +92,9 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
**XOR key** = scrypt of user passphrase with the following parameters: **XOR key** = scrypt of user passphrase with the following parameters:
| Parameter | Value | | Parameter | Value |
|:--------------:|:-----------------------------:| |:--------------:|:--------------------------------------------:|
|**Password:** | passphrase | |**Password:** | passphrase |
|**Salt** | sha256("dewif" ++ passphrase) | |**Salt** | sha256(`"dewif" \|\| nonce \|\| passphrase`) |
|**N** | `2^(log N)` | |**N** | `2^(log N)` |
|**r** | 16 | |**r** | 16 |
|**p** | 1 | |**p** | 1 |
...@@ -102,7 +112,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no ...@@ -102,7 +112,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
| Parameter | Value | | Parameter | Value |
|:-----------------:|:----------------------------:| |:-----------------:|:----------------------------:|
|**Log N** | 15 | |**Log N** | 12 |
|**Algorithm** | Ed25519 | |**Algorithm** | Ed25519 |
|**Keypair seed** | 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 | |**Keypair seed** | 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 |
...@@ -111,6 +121,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no ...@@ -111,6 +121,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
0x100000001 #g1-test 0x100000001 #g1-test
0x0C # log N 0x0C # log N
0x00 # Algorithm Ed25519 0x00 # Algorithm Ed25519
0x013194f1286512cf094295cb # nonce
0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 # keypair seed 0xbfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143 # keypair seed
0x17df9d2b059cdd2825955691e3a783e6da403148ddebb1144d1a9b9e545f2371 # public key 0x17df9d2b059cdd2825955691e3a783e6da403148ddebb1144d1a9b9e545f2371 # public key
``` ```
...@@ -126,7 +137,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no ...@@ -126,7 +137,7 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
DEWIF base 64 string (with xor key `"toto titi tata"`): DEWIF base 64 string (with xor key `"toto titi tata"`):
`AAAAARAAAAEMALUJm4gAYvodNzw/CPBV4Pckm+pv1taVmMdXpbthi9YyDSu9ioexcFO1YJpKPKATZR5IMBpeOOnZkzhTb3k2SYo=` `AAAAARAAAAEMAAExlPEoZRLPCUKVy0iKnn1HUSFcmhwJPQETAghFDvH8ZmX59IuvR9hYV1gnVjCpU+TGOdUzyQmj3+auw3vUpFQYBiRlh67/I1xAhZM=`
##### Algorithm Bip32-Ed25519 ##### Algorithm Bip32-Ed25519
...@@ -151,7 +162,7 @@ Mnemonic entropy is defined on [BIP39]. ...@@ -151,7 +162,7 @@ Mnemonic entropy is defined on [BIP39].
The entropy is stored in 32 bytes to avoid revealing the size of the stored mnemonic. The entropy is stored in 32 bytes to avoid revealing the size of the stored mnemonic.
If the entropy of the mnemonic is less than 32 bytes, the extra bytes are ignored (they can have any value). If the entropy of the mnemonic is less than 32 bytes, the extra bytes are ignored (they can have any value).
To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum. To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Nonce || Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum.
WARNING: Only the "useful" part of the entropy is used to calculate the checksum, the extra bytes are ignored. WARNING: Only the "useful" part of the entropy is used to calculate the checksum, the extra bytes are ignored.
**Example 2:** **Example 2:**
...@@ -167,11 +178,12 @@ WARNING: Only the "useful" part of the entropy is used to calculate the checksum ...@@ -167,11 +178,12 @@ WARNING: Only the "useful" part of the entropy is used to calculate the checksum
0x100000001 #g1-test 0x100000001 #g1-test
0x0F # log N 0x0F # log N
0x01 # Algorithm Bip32-Ed25519 0x01 # Algorithm Bip32-Ed25519
0xc54299ae71fe2a4ecdc7d58a # nonce
0x00 # Language english 0x00 # Language english
0x10 # Entropy length 0x10 # Entropy length
0x33E46BB13A746EA41CDDE45C90846A79 # Mnemonic entropy 0x33E46BB13A746EA41CDDE45C90846A79 # Mnemonic entropy
0x00000000000000000000000000000000 # Mnemonic entropy padding 0x00000000000000000000000000000000 # Mnemonic entropy padding
0xa058ad20f43a5aa2 # checksum (SHA256 of 0x001033E46BB13A746EA41CDDE45C90846A79) 0x8a2bb5a0cb0acfba # checksum (SHA256 of 0xc54299ae71fe2a4ecdc7d58a || 0x00 || 0x10 || 0x33E46BB13A746EA41CDDE45C90846A79)
``` ```
**XOR key generated from scrypt with the following parameters:** **XOR key generated from scrypt with the following parameters:**
...@@ -191,4 +203,5 @@ DEWIF base 64 string (with xor key `"toto titi tata"`): ...@@ -191,4 +203,5 @@ DEWIF base 64 string (with xor key `"toto titi tata"`):
[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic [BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic
[DUBP]: https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md [DUBP]: https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md
[Ed25519]: https://tools.ietf.org/html/rfc8032 [Ed25519]: https://tools.ietf.org/html/rfc8032
[NFKD normalization]: https://unicode.org/reports/tr15/#Norm_Forms
[XOR cipher]: https://en.wikipedia.org/wiki/XOR_cipher [XOR cipher]: https://en.wikipedia.org/wiki/XOR_cipher
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment