Update Technical overview
parent
dff1406f8b
commit
edbd1eb7a0
|
@ -1,54 +1,53 @@
|
||||||
Concepts
|
Concepts
|
||||||
========
|
========
|
||||||
|
|
||||||
Ring Account
|
Jami Account
|
||||||
------------
|
------------
|
||||||
|
|
||||||
- A **Ring account** is defined by a cryptographic Ring Identity based
|
- A **Jami account** is defined by a cryptographic Jami Identity based
|
||||||
of **RSA asymmetric key-pair** and managed with **x.509
|
of **RSA asymmetric key-pair** and managed with **x.509
|
||||||
certificates** as defined by *[RFC
|
certificates** as defined by *[RFC
|
||||||
5280](https://tools.ietf.org/html/rfc5280)*.
|
5280](https://tools.ietf.org/html/rfc5280)*.
|
||||||
- Ring uses the **gnutls** library to generate and manage RSA keys
|
- Jami uses the **gnutls** library to generate and manage RSA keys
|
||||||
and certificates.
|
and certificates.
|
||||||
|
|
||||||
### Ring certificate
|
### Jami certificate
|
||||||
|
|
||||||
- This represents the identify of a Ring user.
|
- This represents the identify of a Jami user.
|
||||||
- Generated at account creation
|
- Generated at account creation
|
||||||
- Contains the Ring account public key.
|
- Contains the Jami account public key.
|
||||||
- The SHA-1 fingerprint (160-bits) of this public certificate is the
|
- The SHA-1 fingerprint (160-bits) of this public certificate is the
|
||||||
**RingId**.
|
**JamiId**.
|
||||||
- Signed by a CA (from an organization or self-signed).
|
- Signed by a CA (from an organization or self-signed).
|
||||||
- The subject UID field must be the hexadecimal form of the RingId.
|
- The subject UID field must be the hexadecimal form of the JamiId.
|
||||||
- The issuer UID field must be the hexadecimal form of the issuer
|
- The issuer UID field must be the hexadecimal form of the issuer
|
||||||
public key fingerprint (CA).
|
public key fingerprint (CA).
|
||||||
- Random RSA key-pair of at least 4096-bits long.
|
- Random RSA key-pair of at least 4096-bits long.
|
||||||
|
|
||||||
### Device certificate
|
### Device certificate
|
||||||
|
|
||||||
- This is the identity of one specific device used to run Ring.
|
- This is the identity of one specific device used to run Jami.
|
||||||
- One per device.
|
- One per device.
|
||||||
- Generated by Ring (not user provided).
|
|
||||||
- Random and 4096-bits long.
|
- Random and 4096-bits long.
|
||||||
- The SHA-1 fingerprint of the public key becomes the **DeviceId**.
|
- The SHA-1 fingerprint of the public key becomes the **DeviceId**.
|
||||||
- Must be signed by the private key that created the Ring certificate.
|
- Must be signed by the private key that created the Jami certificate.
|
||||||
- The subject UID field must be the hexadecimal form of the DeviceId.
|
- The subject UID field must be the hexadecimal form of the DeviceId.
|
||||||
- The issuer UID field must be the hexadecimal form of the issuer
|
- The issuer UID field must be the hexadecimal form of the issuer
|
||||||
public key fingerprint (RingId).
|
public key fingerprint (JamiId).
|
||||||
|
|
||||||
### Usages
|
### Usages
|
||||||
|
|
||||||
- The RingId:
|
- The JamiId:
|
||||||
- It's the DHT key where the list of account devices are published
|
- It's the DHT key where the list of account devices are published
|
||||||
and where all devices listen to synchronize on account
|
and where all devices listen to synchronize on account
|
||||||
changes (i.e. adding or revoke a device).
|
changes (i.e. adding or revoke a device).
|
||||||
- The Ring certificate RSA keys are used as long-term keys to
|
- The Jami certificate RSA keys are used as long-term keys to
|
||||||
sign/encrypt/decrypt messages sent over the DHT:
|
sign/encrypt/decrypt messages sent over the DHT:
|
||||||
- private key to sign-off and decrypt incoming messages and
|
- private key to sign-off and decrypt incoming messages and
|
||||||
device certificates.
|
device certificates.
|
||||||
- public key to encrypt messages (this is done by the message
|
- public key to encrypt messages (this is done by the message
|
||||||
issuer using the receiver public key).
|
issuer using the receiver public key).
|
||||||
- A device can be "removed" from a Ring account through revocation of
|
- A device can be "removed" from a Jami account through revocation of
|
||||||
the device certificate:
|
the device certificate:
|
||||||
- Revoked device certificates are added to one or more standard
|
- Revoked device certificates are added to one or more standard
|
||||||
x509 Certificate Revocation List (CRL).
|
x509 Certificate Revocation List (CRL).
|
||||||
|
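Review bot: the Device certificate list on the new side drops the bullet `- Generated by Ring (not user provided).` with no renamed replacement (the hunk header's -54/+53 line count reflects this), so the document no longer states that device key-pairs are generated by the application rather than supplied by the user. If the intent was a pure rename, restore it as `- Generated by Jami (not user provided).` The rename pass also carries over typos that this change could fix in passing: `identify of a Jami user` should read `identity of a Jami user`, and `adding or revoke a device` should read `adding or revoking a device`.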
@ -61,9 +60,9 @@ Ring Account
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
- - Ring needs to load certificates and key-pairs each time the
|
- - Jami needs to load certificates and key-pairs each time the
|
||||||
application is started.
|
application is started.
|
||||||
- When Ring creates a new device, these information are also
|
- When Jami creates a new device, these information are also
|
||||||
needed, shared from another trusted device in a secure way.
|
needed, shared from another trusted device in a secure way.
|
||||||
- All platforms doesn't provide secure way to store data, Ring
|
- All platforms doesn't provide secure way to store data, Ring
|
||||||
supports this fact by encrypting data stored outside the
|
supports this fact by encrypting data stored outside the
|
||||||
|
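Review bot: the rename is incomplete in this hunk: the new side still reads `All platforms doesn't provide secure way to store data, Ring supports this fact` and should say Jami. While touching these lines, `All platforms doesn't provide secure way` should be `Not all platforms provide a secure way`, and `these information are also needed` should be `this information is also needed`.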
@ -77,7 +76,7 @@ Ring Account
|
||||||
- the public certificates chain as a CRT file
|
- the public certificates chain as a CRT file
|
||||||
- the device private key.
|
- the device private key.
|
||||||
|
|
||||||
#### Ring archive (export.gz)
|
#### Jami archive (export.gz)
|
||||||
|
|
||||||
- Contains private account data.
|
- Contains private account data.
|
||||||
- Currently transmitted over the DHT network when device is created
|
- Currently transmitted over the DHT network when device is created
|
||||||
|
|
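Review bot: the heading rename to `#### Jami archive (export.gz)` is consistent with the rest of the change; one small style point in the same hunk is that `when device is created` reads better as `when a device is created`, and that bullet lacks the trailing period its sibling `- Contains private account data.` has.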