[DOC] Key can be retrieved using HKP keyserver

[govpn.git] / doc / transport.texi

diff --git a/doc/transport.texi b/doc/transport.texi
index cb9b5d5737552016f11ef6765c808a46ab042b6f..812322528f03019d4b882dab6e925ebdd386afa4 100644 (file)
--- a/doc/transport.texi
+++ b/doc/transport.texi
@@ -2,7 +2,7 @@
 @section Transport protocol
 
 @verbatim
-     NONCE = MAC(MAC_KEY, SERIAL)
+     NONCE = 64bit(MAC(MAC_KEY, SERIAL))
    PAYLOAD = DATA || PAD [|| ZEROS]
 CIPHERTEXT = ENCRYPT(KEY, NONCE, PAYLOAD)
        TAG = AUTH(AUTH_KEY, CIPHERTEXT || NONCE)
@@ -25,8 +25,9 @@ MAC_KEY = 256bit(ENCRYPT(KEY, 0))
 Salsa20's output is ignored and only remaining is XORed with ther data,
 encrypting it.
 
-@code{DATA} is padded with @code{PAD} (0x80 byte). Optional @code{ZEROS}
-may follow, to fill up packet to conceal payload packet length.
+@code{DATA} is padded using ISO/IEC 7816-4 format (@code{PAD} (0x80
+byte) with optional @code{ZEROS} following), to fill up packet to
+conceal payload packet length.
 
 @code{AUTH} is Poly1305 authentication function. First 256 bits of
 Salsa20's output are used as a one-time key for @code{AUTH}.
@@ -41,9 +42,9 @@ drop when receiving duplicate ones.
 In @ref{Encless, encryptionless mode} this scheme is slightly different:
 
 @verbatim
- PACKET = ENCODED || NONCE
-ENCODED = ENCLESS(DATA || PAD || ZEROS)
   NONCE = MAC(MAC_KEY, SERIAL)
+ENCODED = ENCLESS(DATA || PAD || ZEROS)
+ PACKET = ENCODED || NONCE
 @end verbatim
 
 @code{ENCLESS} is AONT and chaffing function. There is no need in