Add some more detail for the root generation process (#5720)

* Add some more detail for the root generation process * Remove mention of old OTP and OTP provided on the start request
2019-08-14 17:16:10 +03:00 · 2019-08-14 17:16:10 +03:00 · a14b44ee8b
parent 8fe861ec04
commit a14b44ee8b
1 changed files with 13 additions and 3 deletions
--- a/website/source/api/system/generate-root.html.md
+++ b/website/source/api/system/generate-root.html.md
@ -38,6 +38,7 @@ $ curl \
  "required": 3,
  "encoded_token": "",
  "pgp_fingerprint": "",
+  "otp_length": 24,
  "complete": false
 }
 ```
@ -45,9 +46,18 @@ $ curl \
 If a root generation is started, `progress` is how many unseal keys have been
 provided for this generation attempt, where `required` must be reached to
 complete. The `nonce` for the current attempt and whether the attempt is
-complete is also displayed. If a PGP key is being used to encrypt the final root
-token, its fingerprint will be returned. Note that if an OTP is being used to
-encode the final root token, it will never be returned.
+complete is also displayed.
+
+If a PGP key is being used to encrypt the final root
+token, its fingerprint will be returned.
+
+If an OTP is being used to encode the final root token it will be returned only
+once, on the response to the start request.
+
+The OTP is a base62 string, with length of otp_length.
+The raw bytes (char codes) of the token will be XOR'd with
+this value before being returned  as a response to the final unseal
+key, encoded as base64.

 ## Start Root Token Generation