docs: update ClaudeReport (R24-d/c) and Engineering_Reference_Manual (keybox phrase envelope)

null 2026-06-30 21:25:00 -05:00
parent 683e4ed8d0
commit 4773570745
2 changed files with 8 additions and 1 deletions

File diff suppressed because one or more lines are too long


@ -1192,6 +1192,12 @@ OOB code = `truncate6(SHA-256(pubkey ‖ nonce))`.
couple key; the code is a fingerprint of the exact pubkey in the request doc (defeats a server/MITM pubkey swap + couple key; the code is a fingerprint of the exact pubkey in the request doc (defeats a server/MITM pubkey swap +
account-takeover). Never reduce it to a tap-to-approve. Consume (delete) the request after unwrap so no wrapped account-takeover). Never reduce it to a tap-to-approve. Consume (delete) the request after unwrap so no wrapped
key lingers. key lingers.
- **Keybox payload carries the phrase too (R24-c).** The ECIES plaintext is now an envelope `ckx:v1:{json}` with
`{keyset, phrase?}``wrapCoupleKey(..., recoveryPhrase)` includes the sender's phrase; `unwrapCoupleKey`
returns `TransferredKey(keyset, recoveryPhrase?)`; `storeTransferredKeyset(coupleId, handle, phrase?)` persists
the phrase so a partner-restored device can reveal it. **Backward-compatible:** a plaintext WITHOUT the
`ckx:v1:` prefix is a legacy keyset-only keybox → decodes to `(keyset, null)`. Don't remove the legacy branch.
The phrase rides inside the same OOB-code-gated ECIES ciphertext as the key — never log it (same rule as the key).
- **Restore requires the couple key first** (phrase or partner keybox) — content decrypt is couple-key. Fail soft - **Restore requires the couple key first** (phrase or partner keybox) — content decrypt is couple-key. Fail soft
everywhere (missing key → skip backup / "restore unavailable", never crash; never log keys/plaintext/phrase). everywhere (missing key → skip backup / "restore unavailable", never crash; never log keys/plaintext/phrase).
- **Re-request must delete before create (R24-b, Bug A).** `createRestoreRequest` does `.set()`; over an existing - **Re-request must delete before create (R24-b, Bug A).** `createRestoreRequest` does `.set()`; over an existing
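Review bot: the envelope line in the added R24-c block runs two code spans together with no separator (`{keyset, phrase?}``wrapCoupleKey(..., recoveryPhrase)`), so the schema and the function description read as one malformed token; split them, e.g. "The ECIES plaintext is now an envelope `ckx:v1:{json}` with `{keyset, phrase?}`. `wrapCoupleKey(..., recoveryPhrase)` includes the sender's phrase; `unwrapCoupleKey` returns `TransferredKey(keyset, recoveryPhrase?)`". The same block documents only the no-prefix legacy case (decodes to `(keyset, null)`) and says nothing about a plaintext that carries the `ckx:v1:` prefix but is not well-formed (unparseable JSON or a missing `keyset`); state how `unwrapCoupleKey` behaves there, since the next bullet requires fail-soft handling everywhere and forbids logging the key or phrase on that path.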