From b6872fb454191b29b685502444a0b5fa1e8697ac Mon Sep 17 00:00:00 2001 From: Alexander Neumann Date: Sat, 22 Aug 2015 13:28:28 +0200 Subject: [PATCH] Clarify documentation about MAC key --- doc/Design.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/Design.md b/doc/Design.md index 5a3d0e2e9..ac5ec7dc8 100644 --- a/doc/Design.md +++ b/doc/Design.md @@ -249,13 +249,13 @@ These last 32 bytes are divided into a 16 byte AES key `k` followed by 16 bytes of secret key `r`. They key `r` is then masked for use with Poly1305 (see the paper for details). -This message authentication key is used to compute a MAC over the bytes contained -in the JSON field `data` (after removing the Base64 encoding and not including -the last 32 byte). If the password is incorrect or the key file has been -tampered with, the computed MAC will not match the last 16 bytes of the data, -and restic exits with an error. Otherwise, the data is decrypted with the -encryption key derived from `scrypt`. This yields a JSON document which -contains the master encryption and message authentication keys for this +This message authentication key (`k` and `r`) is used to compute a MAC over the +bytes contained in the JSON field `data` (after removing the Base64 encoding +and not including the last 32 byte). If the password is incorrect or the key +file has been tampered with, the computed MAC will not match the last 16 bytes +of the data, and restic exits with an error. Otherwise, the data is decrypted +with the encryption key derived from `scrypt`. This yields a JSON document +which contains the master encryption and message authentication keys for this repository (encoded in Base64). The command `restic cat masterkey` can be used as follows to decrypt and pretty-print the master key: