Toggle menu
Toggle preferences menu
Toggle personal menu
Not logged in
Your IP address will be publicly visible if you make any edits.

About:Pharmacopedia.ext: Difference between revisions

From Pharmacopedia
[checked revision][checked revision]
Reconcile the spec to v0.9.8.0: Administer to others, the diptych, full-width layout + Appearance rail, the fungi sub-skin; parser-tag / special-page / module / assessment / table catalogues brought current
Crypto note: the Mode A KDF scheme v2 (Argon2id MODERATE) is live, not future
Line 484: Line 484:
* '''Passphrase''' (opt-in, zero-knowledge): the secret key is wrapped with an Argon2id-derived key from a passphrase only the owner knows. Not even the site can read the results. '''The passphrase cannot be recovered or reset'''; losing it makes every collected result permanently unreadable.
* '''Passphrase''' (opt-in, zero-knowledge): the secret key is wrapped with an Argon2id-derived key from a passphrase only the owner knows. Not even the site can read the results. '''The passphrase cannot be recovered or reset'''; losing it makes every collected result permanently unreadable.


AES-256-GCM is used for key wrapping in both modes. <code>AdminCrypto</code> (<code>includes/Assessments/AdminCrypto.php</code>) is the helper: <code>setupOwnerKey</code>, <code>verifyPassphrase</code>, <code>unlockSecretKey</code>, <code>encryptForOwner</code> / <code>decryptForOwner</code>, <code>encryptForRespondent</code> / <code>decryptForRespondent</code>, <code>mintInviteToken</code> / <code>hashInviteToken</code>. Invite tokens are 256-bit; only their SHA-256 hash is stored, so a stolen database yields no usable tokens. The respondent's own copy of each result is sealed to a key derived from the raw invite token, so the link doubles as the respondent's read credential. A scheme-version column on the key and result rows lets the cipher or KDF change in a future v2.
AES-256-GCM is used for key wrapping in both modes. <code>AdminCrypto</code> (<code>includes/Assessments/AdminCrypto.php</code>) is the helper: <code>setupOwnerKey</code>, <code>verifyPassphrase</code>, <code>unlockSecretKey</code>, <code>encryptForOwner</code> / <code>decryptForOwner</code>, <code>encryptForRespondent</code> / <code>decryptForRespondent</code>, <code>mintInviteToken</code> / <code>hashInviteToken</code>. Invite tokens are 256-bit; only their SHA-256 hash is stored, so a stolen database yields no usable tokens. The respondent's own copy of each result is sealed to a key derived from the raw invite token, so the link doubles as the respondent's read credential. A scheme-version column on the key and result rows lets the cipher or KDF be revised over time; the Mode A passphrase KDF currently runs at scheme v2 (Argon2id at MODERATE limits), and an owner created under an earlier scheme is transparently re-wrapped on their next unlock.


=== De-identified research pool ===
=== De-identified research pool ===