mirror of https://github.com/MISP/misp-bump
improve readme
parent
dd374300f1
commit
7b673e2a6e
28
README.md
28
README.md
|
@ -9,25 +9,31 @@ Note: only **use case 1** from the [documentation](https://www.circl.lu/doc/misp
|
||||||
# How does MISPbump work?
|
# How does MISPbump work?
|
||||||
First of all: MISP admins login by providing the base URL of their instance and their authkey (automationkey).
|
First of all: MISP admins login by providing the base URL of their instance and their authkey (automationkey).
|
||||||
|
|
||||||
On a successfull login the users profile and the linked organisation information will be downloaded automatically.
|
On a successfull login the admins profile and the linked organisation information will be downloaded automatically.
|
||||||
This information can be updated at any time from the profile view.
|
This information can be updated at any time from the profile view.
|
||||||
|
|
||||||
From the main screen you can start a synchronisation process by pressing the dedicated button.
|
From the main screen you can start a synchronisation process by pressing the dedicated button.
|
||||||
|
|
||||||
The synchronisation process consists of 3 steps:
|
The synchronisation process consists of 3 steps:
|
||||||
1. Key Exchange (unencrypted QR code)
|
1. **Key Exchange**
|
||||||
1. Synchronisation Information Exchange (with shared secret encrypted QR code)
|
To provide a secure chanel for data exchange, the first step is to generate a shared secret with [Diffie–Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) ([Elliptic Curve](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)).
|
||||||
1. Upload information to own MISP instance
|
|
||||||
|
|
||||||
#### 1. Key Exchange
|
Public keys are exchanged via QR code.
|
||||||
[Diffie–Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) ([Elliptic Curve](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman)), where the public part is exchanged via a QR code.
|
|
||||||
The result is a shared secret which will be used to encrypt the information passed via QR code in step 2.
|
|
||||||
|
|
||||||
#### 2. Synchronisation Information Exchange
|
1. **Synchronisation Information Exchange**
|
||||||
Local information like Organisation name, UUID, description and User information is encrypted with a from step 1 derived key.
|
Contains the following information:
|
||||||
The information can now be securely exchanged via QR code.
|
+ Own Organisation: Name, UUID, description, nationality, sector, type and contacts
|
||||||
|
+ Own User: Email
|
||||||
|
+ Own MISP instance: base URL
|
||||||
|
+ Generated: sync user authkey, sync user password
|
||||||
|
(your partner will create a sync user with these credentials)
|
||||||
|
|
||||||
#### 3. Upload information to MISP instance
|
The Synchronisation information is encrypted with AES using the shared secret (from step 1).
|
||||||
|
|
||||||
|
The sync process information will be saved securely on the device, that means the upload can be started any time in the future.
|
||||||
|
|
||||||
|
|
||||||
|
1. **Upload information to own MISP instance**
|
||||||
Uploading the information to the MISP instance is accomplished with MISP's REST API.
|
Uploading the information to the MISP instance is accomplished with MISP's REST API.
|
||||||
|
|
||||||
Uploading consists of the following steps:
|
Uploading consists of the following steps:
|
||||||
|
|
Loading…
Reference in New Issue