Update Technical overview

Adrien Béraud 2019-12-16 14:09:36 -05:00
parent dff1406f8b
commit edbd1eb7a0
1 changed files with 17 additions and 18 deletions

@ -1,54 +1,53 @@
Concepts
========
Ring Account
Jami Account
------------
- A **Ring account** is defined by a cryptographic Ring Identity based
- A **Jami account** is defined by a cryptographic Jami Identity based
of **RSA asymmetric key-pair** and managed with **x.509
certificates** as defined by *[RFC
5280](https://tools.ietf.org/html/rfc5280)*.
- Ring uses the **gnutls** library to generate and manage RSA keys
- Jami uses the **gnutls** library to generate and manage RSA keys
and certificates.
### Ring certificate
### Jami certificate
- This represents the identify of a Ring user.
- This represents the identify of a Jami user.
- Generated at account creation
- Contains the Ring account public key.
- Contains the Jami account public key.
- The SHA-1 fingerprint (160-bits) of this public certificate is the
**RingId**.
**JamiId**.
- Signed by a CA (from an organization or self-signed).
- The subject UID field must be the hexadecimal form of the RingId.
- The subject UID field must be the hexadecimal form of the JamiId.
- The issuer UID field must be the hexadecimal form of the issuer
public key fingerprint (CA).
- Random RSA key-pair of at least 4096-bits long.
### Device certificate
- This is the identity of one specific device used to run Ring.
- This is the identity of one specific device used to run Jami.
- One per device.
- Generated by Ring (not user provided).
- Random and 4096-bits long.
- The SHA-1 fingerprint of the public key becomes the **DeviceId**.
- Must be signed by the private key that created the Ring certificate.
- Must be signed by the private key that created the Jami certificate.
- The subject UID field must be the hexadecimal form of the DeviceId.
- The issuer UID field must be the hexadecimal form of the issuer
public key fingerprint (RingId).
public key fingerprint (JamiId).
### Usages
- The RingId:
- The JamiId:
- It's the DHT key where the list of account devices are published
and where all devices listen to synchronize on account
changes (i.e. adding or revoke a device).
- The Ring certificate RSA keys are used as long-term keys to
- The Jami certificate RSA keys are used as long-term keys to
sign/encrypt/decrypt messages sent over the DHT:
- private key to sign-off and decrypt incoming messages and
device certificates.
- public key to encrypt messages (this is done by the message
issuer using the receiver public key).
- A device can be "removed" from a Ring account through revocation of
- A device can be "removed" from a Jami account through revocation of
the device certificate:
- Revoked device certificates are added to one or more standard
x509 Certificate Revocation List (CRL).
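Review bot: two wording slips survive the rename on lines this hunk already rewrites, so fold the fixes in: "is defined by a cryptographic Jami Identity based of **RSA asymmetric key-pair**" should read "based on an **RSA asymmetric key-pair**", and "This represents the identify of a Jami user" should read "the identity of a Jami user". Also, the account key is described as "Random RSA key-pair of at least 4096-bits long" while the device key is "Random and 4096-bits long"; if both are minimums, say "at least" in both certificate sections so they agree. The rename does not change what the identifier is (still the SHA-1 fingerprint of the certificate), so no compatibility note is needed here.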
@ -61,9 +60,9 @@ Ring Account
<!-- -->
- - Ring needs to load certificates and key-pairs each time the
- - Jami needs to load certificates and key-pairs each time the
application is started.
- When Ring creates a new device, these information are also
- When Jami creates a new device, these information are also
needed, shared from another trusted device in a secure way.
- All platforms doesn't provide secure way to store data, Ring
supports this fact by encrypting data stored outside the
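Review bot: the renamed line keeps the doubled bullet marker ("- - Jami needs to load certificates"), which renders as an empty outer item containing a nested one; drop one dash so it matches "- When Jami creates a new device" below it. On that same item, "these information are also needed" should be "this information is also needed", and the unchanged context "All platforms doesn't provide secure way to store data" reads better as "Not all platforms provide a secure way to store data".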
@ -77,7 +76,7 @@ Ring Account
- the public certificates chain as a CRT file
- the device private key.
#### Ring archive (export.gz)
#### Jami archive (export.gz)
- Contains private account data.
- Currently transmitted over the DHT network when device is created
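Review bot: the bullet states that the archive "Contains private account data" and is "transmitted over the DHT network when device is created" without saying in the same place how it is protected in transit; since this hunk touches the heading, add a short cross-reference to wherever the archive encryption is described, or state it inline. Minor grammar on the unchanged line: "when a device is created". Note the filename in the heading, "(export.gz)", is unchanged by the rename, which is correct if the on-disk name has not changed.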