wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

explain how to verify sender_key ownership

Browse source
This commit is contained in:
Valentin Deniaud 2018-07-17 17:55:54 +02:00
parent 8274f91b0b
commit 76071bae98
1 changed files with 9 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

13
specification/modules/end_to_end_encryption.rst
View file

@ -360,6 +360,9 @@ The plaintext payload is of the form:
"type": "<type of the plaintext event>",
"content": "<content for the plaintext event>",
"room_id": "<the room_id>",
"keys": {
"ed25519": "<sender_ed25519_key>"
}
}
The type and content of the plaintext message event are given in the payload.
@ -367,10 +370,12 @@ The type and content of the plaintext message event are given in the payload.
We include the room ID in the payload, because otherwise the homeserver would
be able to change the room a message was sent in.
.. TODO: claimed_keys
Clients must confirm that the ``sender_key`` belongs to the user that sent the
message. TODO: how?
Clients must confirm that the ``sender_key`` and the ``ed25519`` field value
under the ``keys`` property match the keys returned by |/keys/query|_ for
the given user, and must also verify the signature of the payload. Without
this check, a client cannot be sure that the sender device owns the private
part of the ed25519 key it claims to have in the Olm payload.
This is crucial when the ed25519 key corresponds to a verified device.
``m.megolm.v1.aes-sha2``
~~~~~~~~~~~~~~~~~~~~~~~~