[OTR-dev] Extra symmetric key
Kjell Braden
kb at pentabarf.de
Mon Jan 14 06:34:04 EST 2013
Am 14.01.2013 06:05, schrieb Dev Random:
> Hi all,
>
> I plan to use the Type 8 TLV / extra symmetric key in the Gibberbot
> project, but I am puzzled by the description in the OTRv3 spec.
>
> TLVs are already encrypted inside the message envelope. What is then
> the function of the additional key h2(0xFF)? Since the message is
> already encrypted with a related key - h1(), there seems to be no added
> security from another layer of encryption.
>
> Could the Type 8 TLV data be used as is (without using h2(0xFF) to encrypt)?
>
> I also note that the libotr4 implementation of otrl_message_symkey
> doesn't do any encryption on sending, and only provides h2(0xFF) as a
> callback, but doesn't do decryption.
>
[sent this off-list earlier, sorry]
The TLV8 is used to indicate to your partner's client that you intend to
use the key, not to exchange key material (both sides know the key
already). The contents are entirely application-defined.
-Kjell
More information about the OTR-dev
mailing list