How does OptKeyProv work?

  • wellread1

    wellread1 - 2013-07-13

    I am trying to develop a mental picture of how the OtpKeyProv.plgx works (I don't read source code). Based on examination of the dname.otp.xml file and thinking about it, I have come up with the following simplistic model and would appreciate feedback about whether this is a correct view.

    1. The Secret key is the Master key for the case of a single component composite Master key in an OtpKeyProv protected database.
    2. The database can be decrypted with the Secret key alone. The counter and OTPs are not necessary for decryption.
    3. The Secret Key is stored, encrypted using the specified OTPs, in an <EncryptedData> element in the dname.otp.xml.
    4. n look ahead is implemented by storing n copies of the Secret Key, each in an <EncryptedData> element. Each element corresponds to incrementing <Counter> by 1 starting from <Counter>, and encrypting the Secret key with the corresponding OTPs.
    Last edit: wellread1 2013-07-13
  • Dominik Reichl

    Dominik Reichl - 2013-07-14

    Correct :-)

  • wellread1

    wellread1 - 2013-07-14

    Thanks for the confirmation. I will be able to provide assistance with this plugin more confidently in the future.


Log in to post a comment.