About:Pharmacopedia.ext: Difference between revisions
From Pharmacopedia
More actions
| [checked revision] | [checked revision] |
MDElliottMD (talk | contribs) Reconcile the spec to v0.9.8.0: Administer to others, the diptych, full-width layout + Appearance rail, the fungi sub-skin; parser-tag / special-page / module / assessment / table catalogues brought current |
MDElliottMD (talk | contribs) Crypto note: the Mode A KDF scheme v2 (Argon2id MODERATE) is live, not future |
||
| Line 484: | Line 484: | ||
* '''Passphrase''' (opt-in, zero-knowledge): the secret key is wrapped with an Argon2id-derived key from a passphrase only the owner knows. Not even the site can read the results. '''The passphrase cannot be recovered or reset'''; losing it makes every collected result permanently unreadable. | * '''Passphrase''' (opt-in, zero-knowledge): the secret key is wrapped with an Argon2id-derived key from a passphrase only the owner knows. Not even the site can read the results. '''The passphrase cannot be recovered or reset'''; losing it makes every collected result permanently unreadable. | ||
AES-256-GCM is used for key wrapping in both modes. <code>AdminCrypto</code> (<code>includes/Assessments/AdminCrypto.php</code>) is the helper: <code>setupOwnerKey</code>, <code>verifyPassphrase</code>, <code>unlockSecretKey</code>, <code>encryptForOwner</code> / <code>decryptForOwner</code>, <code>encryptForRespondent</code> / <code>decryptForRespondent</code>, <code>mintInviteToken</code> / <code>hashInviteToken</code>. Invite tokens are 256-bit; only their SHA-256 hash is stored, so a stolen database yields no usable tokens. The respondent's own copy of each result is sealed to a key derived from the raw invite token, so the link doubles as the respondent's read credential. A scheme-version column on the key and result rows lets the cipher or KDF | AES-256-GCM is used for key wrapping in both modes. <code>AdminCrypto</code> (<code>includes/Assessments/AdminCrypto.php</code>) is the helper: <code>setupOwnerKey</code>, <code>verifyPassphrase</code>, <code>unlockSecretKey</code>, <code>encryptForOwner</code> / <code>decryptForOwner</code>, <code>encryptForRespondent</code> / <code>decryptForRespondent</code>, <code>mintInviteToken</code> / <code>hashInviteToken</code>. Invite tokens are 256-bit; only their SHA-256 hash is stored, so a stolen database yields no usable tokens. The respondent's own copy of each result is sealed to a key derived from the raw invite token, so the link doubles as the respondent's read credential. A scheme-version column on the key and result rows lets the cipher or KDF be revised over time; the Mode A passphrase KDF currently runs at scheme v2 (Argon2id at MODERATE limits), and an owner created under an earlier scheme is transparently re-wrapped on their next unlock. | ||
=== De-identified research pool === | === De-identified research pool === | ||