diff --git a/technical/Technical-overview.md b/technical/Technical-overview.md index ae3a1090..be3e750a 100644 --- a/technical/Technical-overview.md +++ b/technical/Technical-overview.md 
@@ -1,54 +1,53 @@ Concepts ======== -Ring Account +Jami Account ------------ -- A **Ring account** is defined by a cryptographic Ring Identity based +- A **Jami account** is defined by a cryptographic Jami Identity based of **RSA asymmetric key-pair** and managed with **x.509 certificates** as defined by *[RFC 5280](https://tools.ietf.org/html/rfc5280)*. -- Ring uses the **gnutls** library to generate and manage RSA keys +- Jami uses the **gnutls** library to generate and manage RSA keys and certificates. -### Ring certificate +### Jami certificate -- This represents the identify of a Ring user. +- This represents the identify of a Jami user. - Generated at account creation -- Contains the Ring account public key. +- Contains the Jami account public key. - The SHA-1 fingerprint (160-bits) of this public certificate is the - **RingId**. + **JamiId**. - Signed by a CA (from an organization or self-signed). -- The subject UID field must be the hexadecimal form of the RingId. +- The subject UID field must be the hexadecimal form of the JamiId. - The issuer UID field must be the hexadecimal form of the issuer public key fingerprint (CA). - Random RSA key-pair of at least 4096-bits long. ### Device certificate -- This is the identity of one specific device used to run Ring. +- This is the identity of one specific device used to run Jami. - One per device. -- Generated by Ring (not user provided). - Random and 4096-bits long. - The SHA-1 fingerprint of the public key becomes the **DeviceId**. -- Must be signed by the private key that created the Ring certificate. +- Must be signed by the private key that created the Jami certificate. - The subject UID field must be the hexadecimal form of the DeviceId. - The issuer UID field must be the hexadecimal form of the issuer - public key fingerprint (RingId). + public key fingerprint (JamiId). 
### Usages -- The RingId: +- The JamiId: - It's the DHT key where the list of account devices are published and where all devices listen to synchronize on account changes (i.e. adding or revoke a device). -- The Ring certificate RSA keys are used as long-term keys to +- The Jami certificate RSA keys are used as long-term keys to sign/encrypt/decrypt messages sent over the DHT: - private key to sign-off and decrypt incoming messages and device certificates. - public key to encrypt messages (this is done by the message issuer using the receiver public key). -- A device can be "removed" from a Ring account through revocation of +- A device can be "removed" from a Jami account through revocation of the device certificate: - Revoked device certificates are added to one or more standard x509 Certificate Revocation List (CRL). @@ -61,9 +60,9 @@ Ring Account -- - Ring needs to load certificates and key-pairs each time the +- - Jami needs to load certificates and key-pairs each time the application is started. - - When Ring creates a new device, these information are also + - When Jami creates a new device, these information are also needed, shared from another trusted device in a secure way. - All platforms doesn't provide secure way to store data, Ring supports this fact by encrypting data stored outside the @@ -77,7 +76,7 @@ Ring Account - the public certificates chain as a CRT file - the device private key. -#### Ring archive (export.gz) +#### Jami archive (export.gz) - Contains private account data. - Currently transmitted over the DHT network when device is created
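Review bot: In the first hunk (@@ -1,54 +1,53 @@), under "### Device certificate", the line "- Generated by Ring (not user provided)." is deleted with no "+" counterpart. A change that otherwise only renames Ring to Jami therefore also drops the statement that the device key-pair is generated by the application and not supplied by the user. If that removal is not intended, restore it as "- Generated by Jami (not user provided).". The same hunk carries the typo "identify" over into the new line "+- This represents the identify of a Jami user."; "identity" is meant.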
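Review bot: In the second hunk (@@ -61,9 +60,9 @@), the rename is incomplete. The unchanged context line "- All platforms doesn't provide secure way to store data, Ring supports this fact by encrypting data stored outside the" still says "Ring", directly below the two lines that were switched to "Jami". Include that line in the change so the passage about loading certificates and key-pairs names the product consistently.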