3.2.5.2.2.3 Decrypt Shared Key

The authenticator element "urn:groove.net:Auth" MUST be a child of the security element "urn:groove.net:SE" as defined in section 2.2.3.19.1 for CreateAccountSEType and MUST have the attributes as defined in section 2.2.3.19.1.

The following attributes MUST be parsed and saved as inputs to data integrity verification:

  • The Sig attribute is the message signature.

The encrypted key attribute CSMKey MUST be an attribute of the security element "urn:groove.net:SE" as defined in section 2.2.3.19.1 for CreateAccountSEType. Its value MUST be parsed and saved as input to shared key decryption.

The encrypted key MUST be decrypted using the domain's encryption private key with the RSA algorithm, as defined in [PKCS1]. The result is saved as the shared key for the client account and the server domain, indexed with the client account GUID and the domain GUID.
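The decrypt-and-index step above, as an added worked example (not code from the specification or from any Groove implementation). It assumes the CSMKey attribute value has already been parsed into raw bytes, uses the `cryptography` library for RSA PKCS#1 v1.5 as defined in [PKCS1], and constructs the client-side wrapping, the GUIDs and the shared key purely to show the round trip.

```python
import os
import uuid
from cryptography.hazmat.primitives.asymmetric import rsa, padding

# Shared keys indexed by (client account GUID, domain GUID), as the section requires.
shared_keys = {}


def client_wrap_shared_key(domain_public_key, shared_key):
    """Client side (constructed for illustration): encrypt the account/domain shared key
    to the domain's encryption public key; the result is what travels as CSMKey."""
    return domain_public_key.encrypt(shared_key, padding.PKCS1v15())


def decrypt_shared_key(domain_private_key, csm_key, account_guid, domain_guid):
    """Server side: decrypt the parsed CSMKey bytes with the domain's encryption
    private key (RSA, PKCS#1 v1.5) and save the plaintext under the two GUIDs.
    Returns the shared key, or None if decryption or padding checks fail."""
    try:
        shared_key = domain_private_key.decrypt(csm_key, padding.PKCS1v15())
    except ValueError:
        # Wrong length, bad padding or undecryptable value: store nothing and treat
        # every failure the same way so the caller reveals nothing about the cause.
        return None
    shared_keys[(account_guid, domain_guid)] = shared_key
    return shared_key


def lookup_shared_key(account_guid, domain_guid):
    """Retrieve the saved shared key for a client account and a server domain."""
    return shared_keys.get((account_guid, domain_guid))


def run_exchange():
    """Constructed round trip: returns (original key, decrypted key, indexed key,
    result for a truncated ciphertext). Key size and GUIDs are assumptions."""
    domain_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    account_guid = str(uuid.uuid4())   # constructed client account GUID
    domain_guid = str(uuid.uuid4())    # constructed server domain GUID
    original = os.urandom(32)          # constructed 256-bit shared key
    csm_key = client_wrap_shared_key(domain_key.public_key(), original)
    decrypted = decrypt_shared_key(domain_key, csm_key, account_guid, domain_guid)
    indexed = lookup_shared_key(account_guid, domain_guid)
    rejected = decrypt_shared_key(domain_key, csm_key[:-1], account_guid, domain_guid)
    return original, decrypted, indexed, rejected


if __name__ == "__main__":
    orig, dec, idx, rej = run_exchange()
    print("round trip ok:", orig == dec == idx, "| truncated ciphertext rejected:", rej is None)
```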