Describe the session export format.
This is the Megolm session format used for `m.forwarded_room_key`, the server-side room key backups and Megolm key file exports in the Matrix specification and implementations.
This commit is contained in:
Denis Kasak
parent
ee1b0c8a9a
commit
14c5ea70d4
1 changed files with 33 additions and 2 deletions
|
|
@ -182,9 +182,13 @@ but the decision of which ratchet states to cache is left to the application.
|
||||||
|
|
||||||
## Data exchange formats
|
## Data exchange formats
|
||||||
|
|
||||||
### Session-sharing format
|
### Session sharing format
|
||||||
|
|
||||||
The Megolm key-sharing format is as follows:
|
This format is used for the initial sharing of a Megolm session with other
|
||||||
|
group participants who need to be able to read messages encrypted by this
|
||||||
|
session.
|
||||||
|
|
||||||
|
The session sharing format is as follows:
|
||||||
|
|
||||||
```
|
```
|
||||||
+---+----+--------+--------+--------+--------+------+-----------+
|
+---+----+--------+--------+--------+--------+------+-----------+
|
||||||
|
|
@ -202,6 +206,33 @@ part of the Ed25519 keypair $`K`$.
|
||||||
The data is then signed using the Ed25519 keypair, and the 64-byte signature is
|
The data is then signed using the Ed25519 keypair, and the 64-byte signature is
|
||||||
appended.
|
appended.
|
||||||
|
|
||||||
|
### Session export format
|
||||||
|
|
||||||
|
Once the session is initially shared with the group participants, each
|
||||||
|
participant needs to retain a copy of the session if they want to maintain
|
||||||
|
their ability to decrypt messages encrypted with that session.
|
||||||
|
|
||||||
|
For forward-secrecy purposes, a participant may choose to store a ratcheted
|
||||||
|
version of the session. But since the ratchet index is covered by the
|
||||||
|
signature, this would invalidate the signature. So we define a similar format,
|
||||||
|
called the *session export format*, which is identical to the [session sharing
|
||||||
|
format](#session-sharing-format) except for dropping the signature.
|
||||||
|
|
||||||
|
The Megolm session export format is thus as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
+---+----+--------+--------+--------+--------+------+
|
||||||
|
| V | i | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub |
|
||||||
|
+---+----+--------+--------+--------+--------+------+
|
||||||
|
0 1 5 37 69 101 133 165 bytes
|
||||||
|
```
|
||||||
|
|
||||||
|
The version byte, ``V``, is ``"\x02"``.
|
||||||
|
|
||||||
|
This is followed by the ratchet index, $`i`$, which is encoded as a
|
||||||
|
big-endian 32-bit integer; the ratchet values $`R_{i,j}`$; and the public
|
||||||
|
part of the Ed25519 keypair $`K`$.
|
||||||
|
|
||||||
### Message format
|
### Message format
|
||||||
|
|
||||||
Megolm messages consist of a one byte version, followed by a variable length
|
Megolm messages consist of a one byte version, followed by a variable length
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue