[OTR-dev] Extra symmetric key

Kjell Braden kb at pentabarf.de
Mon Jan 14 06:34:04 EST 2013


Am 14.01.2013 06:05, schrieb Dev Random:
> Hi all,
>
> I plan to use the Type 8 TLV / extra symmetric key in the Gibberbot
> project, but I am puzzled by the description in the OTRv3 spec.
>
> TLVs are already encrypted inside the message envelope.  What is then
> the function of the additional key h2(0xFF)?  Since the message is
> already encrypted with a related key - h1(), there seems to be no added
> security from another layer of encryption.
>
> Could the Type 8 TLV data be used as is (without using h2(0xFF) to encrypt)?
>
> I also note that the libotr4 implementation of otrl_message_symkey
> doesn't do any encryption on sending, and only provides h2(0xFF) as a
> callback, but doesn't do decryption.
>

[sent this off-list earlier, sorry]

The TLV8 is used to indicate to your partner's client that you intend to 
use the key, not to exchange key material (both sides know the key 
already). The contents are entirely application-defined.

-Kjell




More information about the OTR-dev mailing list