Describe the session export format.
This is the Megolm session format used for `m.forwarded_room_key`, the server-side room key backups and Megolm key file exports in the Matrix specification and implementations.
parent ee1b0c8a9a
commit 14c5ea70d4
1 changed files with 33 additions and 2 deletions
|
@ -182,9 +182,13 @@ but the decision of which ratchet states to cache is left to the application.
|
|||
|
||||
## Data exchange formats
|
||||
|
||||
### Session-sharing format
|
||||
### Session sharing format
|
||||
|
||||
The Megolm key-sharing format is as follows:
|
||||
This format is used for the initial sharing of a Megolm session with other
|
||||
group participants who need to be able to read messages encrypted by this
|
||||
session.
|
||||
|
||||
The session sharing format is as follows:
|
||||
|
||||
```
|
||||
+---+----+--------+--------+--------+--------+------+-----------+
|
||||
|
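Review bot: The heading rename from `### Session-sharing format` to `### Session sharing format` needs a check that the generated anchor is still `#session-sharing-format`, because the export section added later in this commit links to that fragment. The body text also moves from "key-sharing format" to "session sharing format"; if the unhyphenated form is now the preferred term, use it consistently in the rest of the document so the two names are not read as two different formats.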
@ -202,6 +206,33 @@ part of the Ed25519 keypair $`K`$.
|
|||
The data is then signed using the Ed25519 keypair, and the 64-byte signature is
|
||||
appended.
|
||||
|
||||
### Session export format
|
||||
|
||||
Once the session is initially shared with the group participants, each
|
||||
participant needs to retain a copy of the session if they want to maintain
|
||||
their ability to decrypt messages encrypted with that session.
|
||||
|
||||
For forward-secrecy purposes, a participant may choose to store a ratcheted
|
||||
version of the session. But since the ratchet index is covered by the
|
||||
signature, this would invalidate the signature. So we define a similar format,
|
||||
called the *session export format*, which is identical to the [session sharing
|
||||
format](#session-sharing-format) except for dropping the signature.
|
||||
|
||||
The Megolm session export format is thus as follows:
|
||||
|
||||
```
|
||||
+---+----+--------+--------+--------+--------+------+
|
||||
| V | i | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub |
|
||||
+---+----+--------+--------+--------+--------+------+
|
||||
0 1 5 37 69 101 133 165 bytes
|
||||
```
|
||||
|
||||
The version byte, ``V``, is ``"\x02"``.
|
||||
|
||||
This is followed by the ratchet index, $`i`$, which is encoded as a
|
||||
big-endian 32-bit integer; the ratchet values $`R_{i,j}`$; and the public
|
||||
part of the Ed25519 keypair $`K`$.
|
||||
|
||||
### Message format
|
||||
|
||||
Megolm messages consist of a one byte version, followed by a variable length
|
||||
|
|
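Review bot: The new "Session export format" section says the format is the sharing format "except for dropping the signature" but does not say what that means for whoever imports it. With no Ed25519 signature over `V`, `i` and the ratchet values, nothing in the 165 bytes binds `R(i,0)` to `R(i,3)` to `Kpub`, so the section should state that an imported session is only as trustworthy as the source it came from. Please also confirm the version byte given as `"\x02"` against the implementation, and say whether a parser is expected to tell an export from a signed sharing blob by the version byte or only by the missing 64-byte signature.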