# List of Used Keys

The following keys are used in the PowerAuth cryptography scheme.

## Application Scoped Keys

| name | created as | purpose |
|---|---|---|
| KEY_SERVER_MASTER_PRIVATE | ECDH - private key | Embedded on the server, used to ensure the authenticity of data transferred from server to client during application scoped use-cases (i.e., device activation). |
| KEY_SERVER_MASTER_PUBLIC | ECDH - public key | Embedded in the client app, used to verify the authenticity of data transferred from server to client during application scoped use-cases (i.e., device activation). |
| APP_KEY | Application version key | Shared random ID between the server and client app, used to identify a specific application version. The value travels in plain form over the HTTPS channel. |
| APP_SECRET | Application version secret | Shared random secret key between the server and client app, used to authenticate a specific application version. Used in digest and MAC values. |

## Activation Scoped Keys

| name | created as | purpose |
|---|---|---|
| KEY_DEVICE_PRIVATE | ECDH - private key | Generated on the client to allow construction of KEY_MASTER_SECRET. |
| KEY_DEVICE_PUBLIC | ECDH - public key | Generated on the client to allow construction of KEY_MASTER_SECRET. |
| KEY_SERVER_PRIVATE | ECDH - private key | Generated on the server to allow construction of KEY_MASTER_SECRET. |
| KEY_SERVER_PUBLIC | ECDH - public key | Generated on the server to allow construction of KEY_MASTER_SECRET. |
| KEY_MASTER_SECRET | ECDH - pre-shared | A key deduced using ECDH derivation, KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC), and then reduced with ByteUtils.convert32Bto16B(). |
| KEY_SIGNATURE_POSSESSION | KDF derived key from KEY_MASTER_SECRET | A signing key associated with the possession factor, deduced using KDF derivation with INDEX = 1, KEY_SIGNATURE_POSSESSION = KDF.derive(KEY_MASTER_SECRET, 1), used for subsequent request signing. |
| KEY_SIGNATURE_KNOWLEDGE | KDF derived key from KEY_MASTER_SECRET | A key associated with the knowledge factor, deduced using KDF derivation with INDEX = 2, KEY_SIGNATURE_KNOWLEDGE = KDF.derive(KEY_MASTER_SECRET, 2), used for subsequent request signing. |
| KEY_SIGNATURE_BIOMETRY | KDF derived key from KEY_MASTER_SECRET | A key associated with the biometry factor, deduced using KDF derivation with INDEX = 3, KEY_SIGNATURE_BIOMETRY = KDF.derive(KEY_MASTER_SECRET, 3), used for subsequent request signing. |
| KEY_TRANSPORT | KDF derived key from KEY_MASTER_SECRET | A key deduced using KDF derivation with INDEX = 1000, KEY_TRANSPORT = KDF.derive(KEY_MASTER_SECRET, 1000), used for encrypted data transport. This key is used as the master transport key for end-to-end encryption key derivation. |
| KEY_ENCRYPTION_VAULT | KDF derived key from KEY_MASTER_SECRET | A key deduced using KDF derivation with INDEX = 2000, KEY_ENCRYPTION_VAULT = KDF.derive(KEY_MASTER_SECRET, 2000), used for encrypting a vault that stores secret data such as KEY_DEVICE_PRIVATE. |
| KEY_TRANSPORT_IV | KDF derived key from KEY_TRANSPORT | A key deduced using KDF derivation with INDEX = 3000, KEY_TRANSPORT_IV = KDF.derive(KEY_TRANSPORT, 3000), used to derive the initialization vector that encrypts the activation status blob. |
| KEY_TRANSPORT_CTR | KDF derived key from KEY_TRANSPORT | A key deduced using KDF derivation with INDEX = 4000, KEY_TRANSPORT_CTR = KDF.derive(KEY_TRANSPORT, 4000), used for computing a hash from the current value of the hash-based counter. |
Last updated on Jun 10, 2024 (09:20)