|
|
|
|
@ -944,6 +944,13 @@ example, if Alice and Bob verify each other using SAS, Alice's
|
|
|
|
|
`mac` property. Servers therefore must ensure that device IDs will not
|
|
|
|
|
collide with cross-signing public keys.
|
|
|
|
|
|
|
|
|
|
The cross-signing private keys can be stored on the server or shared with other
|
|
|
|
|
devices using the [Secrets](#secrets) module. When doing so, the master,
|
|
|
|
|
user-signing, and self-signing keys are identified using the names
|
|
|
|
|
`m.cross_signing.master`, `m.cross_signing.user_signing`, and
|
|
|
|
|
`m.cross_signing.self_signing`, respectively, and the keys are base64-encoded
|
|
|
|
|
before being encrypted.
|
|
|
|
|
|
|
|
|
|
###### Key and signature security
|
|
|
|
|
|
|
|
|
|
A user's master key could allow an attacker to impersonate that user to
|
|
|
|
|
@ -1083,6 +1090,11 @@ as follows:
|
|
|
|
|
When reading in a recovery key, clients must disregard whitespace, and
|
|
|
|
|
perform the reverse of steps 1 through 3.
|
|
|
|
|
|
|
|
|
|
The recovery key can also be stored on the server or shared with other devices
|
|
|
|
|
using the [Secrets](#secrets) module. When doing so, it is identified using the
|
|
|
|
|
name `m.megolm_backup.v1`, and the key is base64-encoded before being
|
|
|
|
|
encrypted.
|
|
|
|
|
|
|
|
|
|
###### Backup algorithm: `m.megolm_backup.v1.curve25519-aes-sha2`
|
|
|
|
|
|
|
|
|
|
When a backup is created with the `algorithm` set to
|
|
|
|
|
|
Hubert Chathi
4 years ago
committed by