Merge pull request #3151 from uhoreg/single_ssss_spec
Document Single SSSS.
This commit is contained in:
Hubert Chathi
Richard van der Hoff
commit
e9e0d8ee47
2 changed files with 24 additions and 1 deletions
1
changelogs/client_server/newsfragments/3151.feature
Normal file
1
changelogs/client_server/newsfragments/3151.feature
Normal file
|
|
@ -0,0 +1 @@
|
|||
Document how clients can simplify usage of Secure Secret Storage ([MSC2874](https://github.com/uhoreg/matrix-doc/pull/new/single_ssss_spec)).
|
||||
|
|
@ -42,7 +42,7 @@ passphrases](#deriving-keys-from-passphrases).
|
|||
|
||||
| Parameter | Type | Description
|
||||
|------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| name | string | **Required.** The name of the key. |
|
||||
| name | string | Optional. The name of the key. If not given, the client may use a generic name such as "Unnamed key", or "Default key" if the key is marked as the default key (see below). |
|
||||
| algorithm | string | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported. |
|
||||
| passphrase | string | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property. |
|
||||
|
||||
|
|
@ -56,6 +56,18 @@ will be used to encrypt all secrets that the user would expect to be
|
|||
available on all their clients. Unless the user specifies otherwise,
|
||||
clients will try to use the default key to decrypt secrets.
|
||||
|
||||
Clients that want to present a simplified interface to users by not supporting
|
||||
multiple keys should use the default key if one is specified. If not default
|
||||
key is specified, the client may behave as if there is no key is present at
|
||||
all. When such a client creates a key, it should mark that key as being the
|
||||
default key.
|
||||
|
||||
`DefaultKey`
|
||||
|
||||
| Parameter | Type | Description
|
||||
|------------|-----------|------------------------------------------|
|
||||
| key | string | **Required.** The ID of the default key. |
|
||||
|
||||
##### Secret storage
|
||||
|
||||
Encrypted data is stored in the user's account\_data using the event
|
||||
|
|
@ -118,6 +130,16 @@ and the key descriptions for the keys would be:
|
|||
}
|
||||
```
|
||||
|
||||
If `key_id_1` is the default key, then we also have:
|
||||
|
||||
`m.secret_storage.default_key`:
|
||||
|
||||
```
|
||||
{
|
||||
"key": "key_id_1"
|
||||
}
|
||||
```
|
||||
|
||||
###### `m.secret_storage.v1.aes-hmac-sha2`
|
||||
|
||||
Secrets encrypted using the `m.secret_storage.v1.aes-hmac-sha2`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue