Comodo Group Inc.

philliph@comodo.com

Security The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. This document describes how Mesh profiles are stored for application access on Windows, Linux and OSX platforms.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

The Windows Configuration is stored in a combination of Windows Key Store entries, registry entries and data files. The profiles that are available to a user are specified as Windows registry keys. Cached and archival copies of profiles are stored on the local machine as data files with file names and locations specified in the Windows registry. Cryptographic keys are stored in a Windows key store. To locate a device, application or personal profile, an application: Searches for a Windows registry entry that matches the relevant criteria. Retrieves the profile data from either a local cached copy or the corresponding portal. Accesses the corresponding private keys through the Windows key store. The Windows Key store is the natural storage location for cryptographic keys on the Windows platform as keys are at minimum protected by the operating system access control mechanism. The Windows key store also permits the use of cryptographic hardware devices.

All keys used by the Mathematical Mesh are stored in the following Windows registry location: HKEY_CURRENT_USER\SOFTWARE\CryptoMesh This location has the following sub keys: (Default) -> UDF fingerprint of the default personal profile (Default) -> File location for the profile. Archive -> File location for the profile archive. Portals -> Multistring containing portal accounts to which the profile is registered. The default portal is first. Web -> UDF fingerprint of default Web Application profile SSH -> UDF fingerprint of default SSH Application profile Network -> UDF fingerprint of default network Application profile Mail -> UDF fingerprint of default Mail Application profile UDF Fingerprint of profile -> File location of profile (Default) -> UDF fingerprint of default device profile UDF Fingerprint of Device profile -> File location of device profile

ApplicationData \CryptoMesh\

<>

To locate the default personal profile, an application: Retrieves the key PersonalProfiles\(Default) to get <UDF> Locates the profile with identifier <UDF> To locate the personal profile with identifier UDF, an application: Retrieves the key PersonalProfiles\<UDF> Retrieves the latest version of the profile from the location specified in PersonalProfiles\<UDF>\(Default) If necessary, the profile is refreshed from one of the accounts specified in PersonalProfiles\<UDF>\Portal In case of an inconsistency being detected, the application MAY use the archived copies of the profile to resynchronize. Note that having been connected to a profile at some time in the past does not guarantee that a device currently has access, even if the device in question was an administration device for the profile.

To locate a device profile an application

To locate a device profile an application

The OSX configuration is stored in a combination of a master configuration file, profile data files and the OSX KeyChain The profiles that are available to a user are stored in a JSON configuration file Cached and archival copies of profiles are stored on the local machine as data files with file names and locations specified in the JSON configuration file Cryptographic keys are stored in the OSX Key Chain. File locations The JSON Configuration file is stored in ~/.cryptomesh/profiles.json Profile data files are stored in a directory ~/.cryptomesh/<UDF> The latest copy of the profile is stored in <UDF>.mmm An archive containing all the stored profiles is stored in <UDF>.all.mmm

Private keys are stored in the OSX Key Manager in some fashion to be decided later.

The Linux configuration is stored in a combination of a master configuration file, profile data files and private key files. The file layout of the Linux configuration and data files is identical to that of OSX.

Private Keys are stored in the locations that the Linux applications that are to use them expect to find them.

The C# reference code base provides the following classes to provide access to the Mesh machine configuration:

None

TBS