Clarify documentation about MAC key

Alexander Neumann 2015-08-22 13:28:28 +02:00
parent 16e87d7208
commit b6872fb454


@ -249,13 +249,13 @@ These last 32 bytes are divided into a 16 byte AES key `k` followed by 16 bytes
of secret key `r`. They key `r` is then masked for use with Poly1305 (see the
paper for details).
This message authentication key is used to compute a MAC over the bytes contained
in the JSON field `data` (after removing the Base64 encoding and not including
the last 32 byte). If the password is incorrect or the key file has been
tampered with, the computed MAC will not match the last 16 bytes of the data,
and restic exits with an error. Otherwise, the data is decrypted with the
encryption key derived from `scrypt`. This yields a JSON document which
contains the master encryption and message authentication keys for this
This message authentication key (`k` and `r`) is used to compute a MAC over the
bytes contained in the JSON field `data` (after removing the Base64 encoding
and not including the last 32 byte). If the password is incorrect or the key
file has been tampered with, the computed MAC will not match the last 16 bytes
of the data, and restic exits with an error. Otherwise, the data is decrypted
with the encryption key derived from `scrypt`. This yields a JSON document
which contains the master encryption and message authentication keys for this
repository (encoded in Base64). The command `restic cat masterkey` can be used
as follows to decrypt and pretty-print the master key:
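
Review bot: The reworded paragraph says the MAC is computed over `data` "not including the last 32 byte", but the result is then compared against "the last 16 bytes of the data", and nothing in the text says what the other 16 excluded bytes are. The figure of 32 bytes is also used just above for the `k`/`r` key material, so a reader can easily conflate the two. Since this change is meant to clarify the MAC key, state explicitly which trailing bytes hold the MAC and which bytes are left out of the MAC input, or correct whichever of the two numbers is wrong. While touching this paragraph, also fix "They key `r`" to "The key `r`" in the line above and "32 byte" to "32 bytes".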