Logon and credentials

To start a session with Mobile Server, a client should call the Connect and Login commands.
As a parameter of the Login command, the client should provide the username and password for the system. By default, Mobile Server expects the username and password to be encrypted.
The Mobile Server protocol relies on the Diffie-Hellman-Merkle method to generate a shared secret between client and server, which is used for encrypting and decrypting the username and password.

Public key exchange

Client sends Connect command with its public key as an input parameter:

Server responds to the Connect command with its public key as output parameter:

Diffie-Hellman configuration

Mobile Server supports the following configurations for DHM:

  • Prime number p (both 1024 and 2048 bits) represented in hex

  • 1024 bit: 0xF488FD584E49DBCD20B49DE49107366B336C380D451D0F7C88B31C7C5B2D8EF6F3C923C043F0A55B188D8EBB558CB85D38D334FD7C175743A31D186CDE33212CB52AFF3CE1B1294018118D7C84A70A72D686C40319C807297ACA950CD9969FABD00A509B0246D3083D66A45D419F9C7CBD894B221926BAABA25EC355E92F78C7
  • 2048 bit:


  • Primitive root g: 0x02

Note: Keep in mind that Mobile Server sends its public key and expects the client's public key in little-endian format. For more information, see the Appendix.

Encryption

The username and password are encrypted with the Advanced Encryption Standard (AES) algorithm.
The AES should be configured with the following parameters:

  • Chaining: CBC
  • Padding: PKCS7 or ISO10126
  • Initialization vector: first 16 bytes of shared key
  • Symmetric key: next 32 bytes of shared key

Note: Prime length and encryption padding should be provided as input parameters of the Connect command.
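
The key exchange and the split of the shared key into IV and AES key, as an added example that is not part of the original documentation or the Mobile Server code. The function names, the fixed 128-byte key width, and the little-endian serialization of the shared key are assumptions; the AES-CBC call itself is left to an AES library.

```python
import secrets

# 1024-bit prime p and primitive root g, copied from the configuration on this page.
P_1024 = int(
    "F488FD584E49DBCD20B49DE49107366B336C380D451D0F7C88B31C7C5B2D8EF6"
    "F3C923C043F0A55B188D8EBB558CB85D38D334FD7C175743A31D186CDE33212C"
    "B52AFF3CE1B1294018118D7C84A70A72D686C40319C807297ACA950CD9969FAB"
    "D00A509B0246D3083D66A45D419F9C7CBD894B221926BAABA25EC355E92F78C7", 16)
G = 2
KEY_BYTES = (P_1024.bit_length() + 7) // 8  # 128 bytes for the 1024-bit prime


def generate_keypair():
    """Return (private, public) with the private exponent in [2, p-2]."""
    priv = secrets.randbelow(P_1024 - 3) + 2
    return priv, pow(G, priv, P_1024)


def encode_public(pub):
    """Serialize a public key little-endian, as the server expects it.
    ASSUMPTION: fixed width equal to the prime size (the page does not state it)."""
    return pub.to_bytes(KEY_BYTES, "little")


def decode_public(data):
    """Parse a little-endian public key and reject degenerate values."""
    pub = int.from_bytes(data, "little")
    if not 2 <= pub <= P_1024 - 2:
        raise ValueError("peer public key outside [2, p-2]")
    return pub


def derive_iv_and_key(priv, peer_public_bytes):
    """Split the shared secret into (IV, AES key) as listed above.
    ASSUMPTION: the shared key is serialized little-endian like the public keys."""
    shared = pow(decode_public(peer_public_bytes), priv, P_1024)
    raw = shared.to_bytes(KEY_BYTES, "little")
    return raw[:16], raw[16:48]  # first 16 bytes = IV, next 32 bytes = AES key


def pkcs7_pad(data, block=16):
    """PKCS7 padding applied to the plaintext before AES-CBC encryption."""
    n = block - len(data) % block
    return data + bytes([n]) * n
```

If the server rejects the encrypted credentials, the two byte-order assumptions are the first thing to check against the Appendix.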