diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-30 14:41:01 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-01-31 17:20:36 +0100 |
commit | 5ffdfd6d0bc77eda829054c9c3de6fba950507de (patch) | |
tree | ddbb173a6300fce2a7c3cf1ee70878d252f4a947 /vespa_qrs | |
parent | 3e54969fc961ee51c93404a37d559ab7ea2f9fe6 (diff) |
Add an "interactive" token resealing protocol and basic tooling support
Implements a protocol for delegated access to a shared secret key
of a token whose private key we do not possess. This builds directly
on top of the existing token resealing mechanisms.
The primary benefit of the resealing protocol is that none of the
data exchanged can reveal anything about the underlying secret.
Security note: neither resealing requests nor responses are explicitly
authenticated (this is a property inherited from the sealed shared
key tokens themselves). It is assumed that an attacker can observe
all requests and responses in transit, but cannot modify them.
Diffstat (limited to 'vespa_qrs')
0 files changed, 0 insertions, 0 deletions