[OTR-dev] Extra symmetric key
Dev Random
c1.otr-dev at niftybox.net
Mon Jan 14 11:36:25 EST 2013
On 01/14/2013 03:34 AM, Kjell Braden wrote:
> Am 14.01.2013 06:05, schrieb Dev Random:
>> Hi all,
>>
>> I plan to use the Type 8 TLV / extra symmetric key in the Gibberbot
>> project, but I am puzzled by the description in the OTRv3 spec.
>>
>> TLVs are already encrypted inside the message envelope. What is then
>> the function of the additional key h2(0xFF)? Since the message is
>> already encrypted with a related key - h1(), there seems to be no added
>> security from another layer of encryption.
>>
>> Could the Type 8 TLV data be used as is (without using h2(0xFF) to
>> encrypt)?
>>
>> I also note that the libotr4 implementation of otrl_message_symkey
>> doesn't do any encryption on sending, and only provides h2(0xFF) as a
>> callback, but doesn't do decryption.
>>
>
> [sent this off-list earlier, sorry]
>
> The TLV8 is used to indicate to your partner's client that you intend
> to use the key, not to exchange key material (both sides know the key
> already). The contents are entirely application-defined.
Yes, I realize that. But what is the point of the key, if the content
of the TLV is *already encrypted* with the message key?
Is the extra key meant to be used for out of band data?
>
> -Kjell
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
More information about the OTR-dev
mailing list