archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
toger5/matrixRTC
kegan/fallback-keys
hughns/device-signing-upload-uia
travis/msc/verified-accounts-part1
rav/authentication-for-media
toger5/expiring-events-keep-alive
toger5/matrixrtc-call-ringing
main
tulir/fix-reply-intentional-mentions
element-hq/oidc-qr-login
travis/msc/t2bot/bot-buttons
travis/msc/head-media-download
travis/msc/update-cors
travis/msc/fix-x-matrix-auth
babolivier/m_locked
matthew/msc4136
rav/proposal/membership_on_events
old_master
travis/msc/remove-qs-auth
hughns/gha-update
travis/msc/voluntary-flagging
travis/reinstated-events
johannes/rich-room-topics
travis/msc/appservice-soft-failure
hughns/simple-rendezvous-capability
travis/msc/feature-versioning
matthew/msc4103
kegan/fix-threaded-read-receipts
travis/msc/media-integrity
travis/msc/signing-key-purpose
travis/msc/media-redirect-auth-cdn
toger5/localTimestamp-server-sync
toger5/encrypted-event-indexing
kegan/complement-msc
justjanne/3981-relations-recursion
matthew/msc3018
travis/msc/delivery-receipts
giomfo/push_encrypted_events
matthew/msc4016
kegan/msc3884
stefan/pusher-creation
travis/msc/2244-ext-uia
matthew/msc4083
gsouquet/unsigned-thread-id
andybalaam/event-thread-and-order
hs/proposal-admin-contact-1
matthew/msc4076
kegan/sync-v3
rav/proposal/dead_device_key_claims
giomfo/tweak_email_notification
travis/msc/inhibit-profile
travis/msc/rules-prompt
travis/msc/mutable-events
travis/msc/additive-events
travis/msc/rbac-pl
clokep/mentions-mixin
travis/msc/room-id-is-create-event
travis/msc/send-as-server-or-room
travis/msc/room-send-key
travis/msc/make-send-pdu
hughns/sso-redirect-action
travis/msc/drop-ips
travis/msc/strict-user-id-grammar
travis/msc/iana/service_name
andybalaam/thread-root-is-not-in-thread
andybalaam/deleting-state
hs/shared-rooms
babolivier/relation_redaction
weeman1337/voice-broadcast
travis/msc/polls-notifs
alfogrillo/poll_history_cache
travis/msc/room-model-config
kegan/pseudo-ids
bwindels/relation-redactions
clokep/thumbnail-media-negotiation
dbkr/voip-completed-elsewhere
madlittlemods/gappy-timelines
dbkr/2746-fix-typos
dbkr/msc2746
hughns/login-token-requests
clokep/encrypted-mentions-only-rooms
travis/msc/enc-as/otk-query
travis/msc/inline-widgets
travis/msc/voice-messages
travis/msc/extev/translatable
travis/msc/extev/video
travis/msc/extev/images
travis/msc/extev/files
travis/msc/extev/audio
travis/msc/extev/encryption
travis/msc/extev/notices
travis/msc/extev/emotes
madlittlemods/forwards-fill
hughns/device-scope-txnid
madlittlemods/join-timestamp-massaging
madlittlemods/timestamp-to-event-causality-parameter
matthew/msc2716
madlittlemods/createroom-timestamp-massaging
madlittlemods/power-level-up
kerry/display-notification-reason
travis/msc/linearized-matrix
hughns/sign-in-with-qr
kegan/ssext-receipts
kegan/ssext-account-data
kegan/ssext-typing
andybalaam/dynamic-predecessor
travis/msc/enc-as/key-query
travis/msc/otk-dl-appservice
hs/as-txn-limit
hughns/x25519-secure-channel
travis/msc/ietf-mimi-framework
hs/reporting-fixes
hughns/sign-in-with-qr-v2
hughns/delegated-oidc-architecture
kerry/remote-local-notification-toggle
madlittlemods/dynamic-predecessor
johannes/event-match-dotted-keys
dbkr/msc2747
clokep/room-tag-notifications
matthew/msc1767
matthew/msc3277
kegan/msc3885
SimonBrandner/msc/sfu
matthew/group-voip
kerry/remote-push-toggle
kerry/user-agent-on-device
travis/msc/extev/push-rules
travis/msc/extev-rel/push-rule-feature-condition
travis/msc/extev-rel/bulk-push-rule-change-endpoint
travis/msc/extev/rver-cond
travis/msc/audio-waveform
SimonBrandner/msc/call-notif
hs/appservice-no-notifs
travis/msc/del-srv
travis/msc/ietf-mimi-transport
travis/msc/ietf-mimi-message-format
fayed/cryptographic-membership
eric/msc-jump-to-date
rav/proposal/linking_media_to_events
matthew/owner-pl
madlittlemods/appservice-interested-in-local-users
justjanne/messages-endpoint-threads-filter
rav/propsal/content_tokens_for_media
matthew/msc1763
rav/proposal/faster_joins
fayed/tofu
babolivier/m_not_approved
rei/unable_partial_state_room
travis/msc/custom-stickers
babolivier/user_status
johannes/event-match-almost-anything
babolivier/msc_presence_busy
travis/msc/welcome-message
anoa/blurhash
hs/errcode-specific-failure
anoa/custom_room_presets
travis/msc/federated-reports
aggregations-references
travis/extev/power-levels
johannes/cascading-profile-tags
richvdh-patch-1
travis/clarify-msc/aggregations-on-sync
clokep/threads-push-rule
andybalaam/owned-state
travis/msc/v10
travis/msc/widgets-send-recv-toDevice
matthew/location-streaming
andybalaam/owner-state-events
stefan/ephemeral-location-streaming
andybalaam/location-streaming-wip
rav/pr_templates
rav/readme
hawkowl/backfill-state
kerry/time-based-push-filtering
johannes/notify-in-app
erikj/deprecate_sender_key
babolivier/unread_counts
travis/msc/state-change-acls
andybalaam/state-sub-keys
hs/deactivated-user-metadata
gsouquet/threading-via-relations
neilalexander/plints
travis/msc/soft-logout-flows
travis/msc/simplified-join-rules
rav/no_preview_proposals
hs/fix-as-login-typo
rav/update_deps
rav/missing_changelog
rav/clarify_send_join
warning-untagged
release/v1.2
neilalexander/powerlevels
rei/msc/accdata_ases
anoa/numbers
matthew/typos
matthew/msc3676
stefan/encrypted-ephemeral-data-units
rav/fix_appservice_threepid_protocols
rav/empty_response_body_fixes
matthew/location
hs/widget-share-api
rav/allof-comments
dbkr/voip-early-media
gsouquet/from-param-msc3567
travis/msc/extev/replies-edits
neilalexander/msc/send
rav/proposal/drop-event-from-auth-events
release/v1.1
hs/appservice-login-spec
rav/fix_array_examples
shay/clarify_well_known
rav/fix_event_auth_spec
uhoreg/remove_room_message_feedback
hs/as-global-read
aggregation-cleanup
bwindels/aggregation-pagination
bwindels/relations-visibility
rav/update_validator
rav/fix_netlify_for_plus_branch
rav/move_prev_content
rav/fix_up_notifications
travis/msc/timeboxed-relations-endpoint
rav/remove_unsigned_from_federation_events
anoa/emote_clarifications
matthew/let-users-kick-each-other
rav/remove_event_def
hs/explicitly-link-RFC5870
kegan/spaces-summary
rav/no_rebuild_matrix.org
rav/netlify_previews
rav/del_bk_pipeline
rav/remove_old_templated
rav/fix_gen_swagger
matthew/guest-state-events
kegan/low-bandwidth
travis/msc/encrypted-state
hs/synthetic-appservice-events
daenney/msc-server-status
travis/msc/upgrade-state
dmr/remove_mentions_of_groups
travis/msc/widgets-send-receive-events
rav/pagination_conventions
rav/master2
neilalexander/binary
rav/pagination_clarifications
rav/api_conventions
anoa/spec_release_infra
rav/docstyle_json_properties
rav/doc_style
rav/readme_updates
dkasak/tweak-pdu-diagram
dkasak/newsfragment-for-3339
hs/widget-invite-api
anoa/duplicate_mimetype_info
erikj/counters
kitsune/counting-unread-messages
fix-croatian-sas-emoji
hs/proposal-appservice-login
travis/msc/modal-widgets
j94/members-knock
jryans/mobile-toc-overlap
hs/explicit-room-id-for-tombstones
travis/msc/space-flair
hs/soft-kicks
clokep/batch-state
anoa/clarify_concerns_during_fcp
matthew/msc1772
travis/msc/trees
message-timezone-markup
dbkr/msc3144
rav/fix_pdu_size
rav/proposals/id_grammar
travis/msc/uia-fix-optional
dbkr/voip_asserted_identity
matthew/msc2962
travis/msc/mutable-subtypes
babolivier/msc-room-label
anoa/test
travis/msc/typed-typing-notifs
dbkr/i_felt_your_presence
anoa/room_version_7
matthew/matrix-uri
matthew/msc3020
travis/msc/tos-api
travis/msc/widgets-http-transport
travis/msc/widgets-scoped
anoa/support-rendered-data
travis/msc/widgets-re-exchange-caps
travis/msc/member-apis-event-id
travis/msc/widgets-navigate-permission
msc-connect-matrix-to-matrix
travis/msc/1337-joined-rooms
kegan/msc/threading
matthew/msc2753
travis/msc/widget-client-identification
travis/msc/move-widget-title
travis/widgets
travis/msc/widget-caps-respond
matthew/msc2444
travis/msc/global-event-ids
dbkr/msc2845
uhoreg/keys_withheld
dbkr/msc2772
clokep/test-pusher
travis/msc/widgets-data-error
travis/msc/widget-id
rav/proposals/notification_attributes
travis/msc/roles
neilalexander/identities
matthew/msc2775
babolivier/device_lists_clients
rav/remove_oauth2
travis/msc/ipfs
travis/msc/thumbnail-types
travis/msc/mxc-deduplication
travis/msc/media-ids
travis/msc/rudimentary-media-auth
jryans/matrix-to-uri-v2
jryans/get-event-by-id
rei/pushrules_define_enabled
rei/bug_type_actions
hs/msc-bridge-inf
matthew/msc2278
rav/proposal/mark_unread
travis/msc/impl-guide
server_server/release-r0.1.4
client_server/release-r0.6.1
kegan/backfill-wording
ben/captions-proposal
poljar/event-id-required
benp/proposals-scraper-fix
anoa/gpdr17
giomfo/tagged_events
anoa/media_as_rooms
matthew/msc1777
babolivier/identity-versions
babolivier/msc_email_case
anoa/no_auth_on_submit_token
anoa/no_client_secret
rav/proposal/fix_alias_redaction
rav/proposal/change_aliases_auth_rules
anoa/msc_media_information_api
anoa/msc_separate_hs_api
hs/msc-as-versions2
hs/msc-as-versions
jryans/clarify-cross-signing-examples
erikj/invite_reject_reasons
matthew/msc2326
msc2313
matthew/msc2359
hs/msc-2356
client_server/release-r0.6.0
identity_service/release-r0.3.0
matthew/msc2228
travis/msc/integrations/base
matthew/msc2301
matthew/2326
rav/proposal/remove_mxids_from_events
travis/msc/integrations/select-none
travis/msc/immutable-dms
travis/msc/kill-msisdn-pw-reset
matthew/msc2300
babolivier/standardised-federation-response-format
msc2271
matthew/msc2270
poljar/key_request_fix
dbkr/tos_2
dbkr/is_in_account_data
travis/msc/rejoin-private-rooms
anoa/msc2233
anoa/msc2322
travis/msc/upgraded-private-rooms
hs/hash-identity
travis/msc/third-party-power
anoa/is_store_hashed_3pids
matthew/msc1849
server_server/release-r0.1.3
application_service/release-r0.1.2
push_gateway/release-r0.1.1
matthew/msc1849-rewrite
anoa/test_pr
jryans/msc-push-rule-reactions
jryans/room-one-to-one-push-rule
anoa/typooo
identity_service/release-r0.2.1
travis/msc/federation-capabilities
client_server/release-r0.5.0
server_server/release-r0.1.2
identity_service/release-r0.2.0
application_service/release-r0.1.1
anoa/hs_3pid_tokens
matthew/1.0/msc688-msc1227-lazy-loading
matthew/msc1779
bwindels/messages-chunk-order
anoa/clarify_email_sending
rav/proposal/no_trailing_slash_on_key_request
babolivier/password-policy
matthew/room_v4
dbkr/dummy_auth_for_disambiguation
hs/disable-presence
anoa/missing_punctuation3
anoa/typo2
anoa/typo
anoa/missing_punctuation
rav/fix_jenkins_comments
neilj/Remove-prev_content-from-the-essential-keys-list2
travis/msc/integrations/stickerpicker
neilj/Remove-prev_content-from-the-essential-keys-list
rav/proposal/no_slash_in_event_id
neilj/v3_rooms_by_default
uhoreg/fix_export_format
erikj/unbind_threepid_msc
hs/proposal-admin-contact
travis/msc/cancel-3pid-sessions
babolivier/alttext-sticker
anoa/add_space
benpa/spelling-fix
erikj/fed_invite_error_code
matthew/msc1796
server_server/release-r0.1.1
server_server/release-r0.1.0
erikj/event_id_hashes
neilj/remove_presence_lists
neilj/msc-remove-presence-lists
neilj/msc_remove_presence_lists
erikj/make_membership_room_ver
dbkr/encrypted-recovery-keys
travis/msc/profile-discovery
anoa/sticky_headers_fix
matthew/msc1769
matthew/msc1776
rav/proposal/cs_capabilities
erikj/state_res_rejections
erikj/rooms_v2
erikj/event_checks
revert-1730-rav/proposal/cs_api_in_login
dbkr/add_sandbox_to_csp
rav/msc1730/work
rav/simplify_msc1730
rav/proposals/homeserver_in_sso_login
rav/proposal/signing_signing_keys
erikj/soft_logout
travis/msc/wellknown-improvements
erikj/soft_fail
matthew/encrypted-recovery-keys
travis/misc/room-spec-full
travis/notes/3pid-invites
matthew/device_list_update
matthew/to-device
client_server/release-r0.4.0
identity_service/release-r0.1.0
erikj/limit_auth_events
erikj/auth_events
erikj/auth_rejections
erikj/spec_3pid_ruls
erikj/fixup_auth_rules
application_service/release-r0.1.0
push_gateway/release-r0.1.0
human-id-rules
erikj/limit_txn_size
hs/guests-can-fetch-events
dbkr/room_tag_grammar
drafts/e2e
erikj/state_res_msc
dbkr/fix_room_tags
hs/dns-to-be-hostname
anoa/openapi_3
benp/clarifyintro
anoa/as_thirdparty_lookup
travis/proposals-pagination
benpa/travisci-ignore-proposals
hs/appservice-use-auth.type
t3chguy/errs
t3chguy/erase
t3chguy/group_id
matthew/filter_members
michaelkaye/re_add_proposals
benparsons/proposalsCI
t3chguy/search_docs
rxl881/stickerpack
proposals
rav/test
rxl881/stickers
rooms/event
dbkr/fix_keys_changes
dbkr/keys_query_token
client_server/r0.3.0_updates
dbkr/is_bulk_lookup
dbkr/threepid_add_msisdn
rav/travis
client_server/r0.2.0_updates
rav/projects-guillotine
babolivier/fix-invite-example
babolivier/third-party-invites
babolivier/fix-get-room-alias
leonerd/circle
dbkr/remove_unused_is_file_2
dbkr/remove_unused_is_file
markjh/thumbnail_url
markjh/replays
paul/thirdparty-lookup
dbkr/push_examples_api_path
erikj/report
dbkr/identity_api_right_path
dbkr/notifs_api
erikj/filter_url
rav/access_tokens
dbkr/clarify_highlight_and_sound
matthew/fix_state_sending_desc
dbkr/contains_display_name_override
dbkr/add_dot
markjh/filename
release/client-server/r0.2.0
erikj/account_deactivate
dbkr/more_requesttokens
dbkr/dont_line_wrap_rst
dbkr/threepid_requesttoken
erikj/presence
dbkr/default_state_defaults
drafts/reinstate_device_push_rules
rav/json_schema
paul/update-howto-for-r0
paul/migrating-from-v1
dbkr/fix_directory_path
dbkr/get_pushers
dbkr/add_push_change_event_id
markjh/pushrule_stream
dbkr/notification_counts
markjh/change_action
markjh/get_enabled
dbkr/fix_meta_escaping
markjh/default_rules
markjh/remove_device_specific_rules
dbkr/profile_return_null
markjh/3pid_login
markjh/three_pid_creds
invalid_user_name
erikj/create_room_3pid_invite
markjh/guest_access
markjh/account_data_filters
markjh/room_filter
markjh/wildcards
paul/federation
erikj/search_yet_agian
markjh/filter_inline
erikj/event_context_api
markjh/archived_flag
markjh/client_config
markjh/room_tags
more_nesting
markjh/syntax_highlighting_message_examples
markjh/full_http_api_docs
markjh/v2_sync_prev_content
markjh/request_syntax_highlighting
erikj/search
markjh/event_syntax_highlighting
erikj/login_fallback_v1
templating-nested-request-objects
erikj/search_actual
markjh/list_formatting
markjh/blockquote_css
clarify_scale_crop
appservice-swagger
spec-182-asapi-user-creation
registration-swagger
invite-room-state
room-avatar
proofing
proofing2
module-history-vis
module-im
spec-177-events-max-len
spec-207-asapi-unique-tokens
erikj/newline_gendoc_STOP_BEING_CRANKY
spec-205-password-strength
directory-api
spec-144-https-examples
module-push
data-messages
html-messages
markjh/initial_sync_archived_flag
markjh/v2_sync_templating
markjh/v2_sync_api
erikj/disable_federation
release-0.2.0
module-presence
module-content-repo
erikj/room_create_preset
module-receipts
module-voip
module-typing2
spec-feature-profiles
erikj/invite_state
paragraphs
erikj/login_token
spec-module-format
unused-template-vars
macaroons
markjh/check_request_schema
markjh/node_swagger_validator
spec-restructure-modules
convert-to-modules
markjh/document_v1_rooms_api
markjh/jenkins
markjh/example_checker
markjh/codehighlighting
markjh/swagger_examples
markjh/event-schema
spec-file-structure
spec-edits-cleanup
markjh/gendoc_directory
client_server_v2_http_api
newlines
receipts
markjh/history_for_rooms_that_have_been_left
history_visibility
erikj/canonical_alias
csauth2
templating
event-schemas
as-register-modifications
erikj/as-register-removal
key_v2_fixes
csauth
key_v2
ua925_reshuffle
push
v2-presence
application-services
use-cases
client_server_v2
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b26aa7fcf5'
${ noResults }
matrix-spec-proposals/content/client-server-api/modules/secrets.md

337 lines
14 KiB
Markdown
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
type: module
---
### Secrets
{{% added-in v="1.1" %}}
Clients may have secret information that they wish to be made available
to other authorised clients, but that the server should not be able to
see, so the information must be encrypted as it passes through the
server. This can be done either asynchronously, by storing encrypted
data on the server for later retrieval, or synchronously, by sending
messages to each other.
Each secret has an identifier that is used by clients to refer to the
secret when storing, fetching, requesting, or sharing the secret.
Secrets are plain strings; structured data can be stored by encoding it
as a string.
#### Storage
When secrets are stored on the server, they are stored in the user's
[account-data](#client-config), using an event type equal to the
secret's identifier. The keys that secrets are encrypted with are
described by data that is also stored in the user's account-data. Users
can have multiple keys, allowing them to control what sets of secrets
clients can access, depending on what keys are given to them.
##### Key storage
Each key has an ID, and the description of the key is stored in the
user's account\_data using the event type
`m.secret_storage.key.[key ID]`. The contents of the account data for
the key will include an `algorithm` property, which indicates the
encryption algorithm used, as well as a `name` property, which is a
human-readable name. Key descriptions may also have a `passphrase`
property for generating the key from a user-entered passphrase, as
described in [deriving keys from
passphrases](#deriving-keys-from-passphrases).
`KeyDescription`
| Parameter | Type | Description
|------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------|
| name | string | Optional. The name of the key. If not given, the client may use a generic name such as "Unnamed key", or "Default key" if the key is marked as the default key (see below). |
| algorithm | string | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported. |
| passphrase | string | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property. |
Other properties depend on the encryption algorithm, and are described
below.
A key can be marked as the "default" key by setting the user's
account\_data with event type `m.secret_storage.default_key` to an
object that has the ID of the key as its `key` property. The default key
will be used to encrypt all secrets that the user would expect to be
available on all their clients. Unless the user specifies otherwise,
clients will try to use the default key to decrypt secrets.
Clients that want to present a simplified interface to users by not supporting
multiple keys should use the default key if one is specified. If not default
key is specified, the client may behave as if there is no key is present at
all. When such a client creates a key, it should mark that key as being the
default key.
`DefaultKey`
| Parameter | Type | Description
|------------|-----------|------------------------------------------|
| key | string | **Required.** The ID of the default key. |
##### Secret storage
Encrypted data is stored in the user's account\_data using the event
type defined by the feature that uses the data. The account\_data will
have an `encrypted` property that is a map from key ID to an object. The
algorithm from the `m.secret_storage.key.[key ID]` data for the given
key defines how the other properties are interpreted, though it's
expected that most encryption schemes would have `ciphertext` and `mac`
properties, where the `ciphertext` property is the unpadded
base64-encoded ciphertext, and the `mac` is used to ensure the integrity
of the data.
`Secret`
| Parameter | Type | Description |
|-----------|------------------|-------------|
| encrypted | {string: object} | **Required.** Map from key ID the encrypted data. The exact format for the encrypted data is dependent on the key algorithm. See the definition of `AesHmacSha2EncryptedData` in the [m.secret_storage.v1.aes-hmac-sha2](#msecret_storagev1aes-hmac-sha2) section. |
Example:
Some secret is encrypted using keys with ID `key_id_1` and `key_id_2`:
`org.example.some.secret`:
```
{
"encrypted": {
"key_id_1": {
"ciphertext": "base64+encoded+encrypted+data",
"mac": "base64+encoded+mac",
// ... other properties according to algorithm property in
// m.secret_storage.key.key_id_1
},
"key_id_2": {
// ...
}
}
}
```
and the key descriptions for the keys would be:
`m.secret_storage.key.key_id_1`:
```
{
"name": "Some key",
"algorithm": "m.secret_storage.v1.aes-hmac-sha2",
// ... other properties according to algorithm
}
```
`m.secret_storage.key.key_id_2`:
```
{
"name": "Some other key",
"algorithm": "m.secret_storage.v1.aes-hmac-sha2",
// ... other properties according to algorithm
}
```
If `key_id_1` is the default key, then we also have:
`m.secret_storage.default_key`:
```
{
"key": "key_id_1"
}
```
###### `m.secret_storage.v1.aes-hmac-sha2`
Secrets encrypted using the `m.secret_storage.v1.aes-hmac-sha2`
algorithm are encrypted using AES-CTR-256, and authenticated using
HMAC-SHA-256. The secret is encrypted as follows:
1. Given the secret storage key, generate 64 bytes by performing an
HKDF with SHA-256 as the hash, a salt of 32 bytes of 0, and with the
secret name as the info. The first 32 bytes are used as the AES key,
and the next 32 bytes are used as the MAC key
2. Generate 16 random bytes, set bit 63 to 0 (in order to work around
differences in AES-CTR implementations), and use this as the AES
initialization vector. This becomes the `iv` property, encoded using
base64.
3. Encrypt the data using AES-CTR-256 using the AES key generated
above. This encrypted data, encoded using base64, becomes the
`ciphertext` property.
4. Pass the raw encrypted data (prior to base64 encoding) through
HMAC-SHA-256 using the MAC key generated above. The resulting MAC is
base64-encoded and becomes the `mac` property.
`AesHmacSha2EncryptedData`
| Parameter | Type | Description
|------------|---------|------------------------------------------------------------------------|
| iv | string | **Required.** The 16-byte initialization vector, encoded as base64. |
| ciphertext | string | **Required.** The AES-CTR-encrypted data, encoded as base64. |
| mac | string | **Required.** The MAC, encoded as base64. |
For the purposes of allowing clients to check whether a user has
correctly entered the key, clients should:
1. encrypt and MAC a message consisting of 32 bytes of 0 as described
above, using the empty string as the info parameter to the HKDF in
step 1.
2. store the `iv` and `mac` in the `m.secret_storage.key.[key ID]`
account-data.
`AesHmacSha2KeyDescription`
| Parameter | Type | Description |
|-------------|--------|-----------------------------------------------------------------------------------------------------------------------------------|
| name | string | Optional. The name of the key. |
| algorithm | string | **Required.** The encryption algorithm to be used for this key. Currently, only `m.secret_storage.v1.aes-hmac-sha2` is supported. |
| passphrase | object | See [deriving keys from passphrases](#deriving-keys-from-passphrases) section for a description of this property. |
| iv | string | The 16-byte initialization vector, encoded as base64. |
| mac | string | The MAC of the result of encrypting 32 bytes of 0, encoded as base64. |
For example, the `m.secret_storage.key.key_id` for a key using this
algorithm could look like:
```json
{
"name": "m.default",
"algorithm": "m.secret_storage.v1.aes-hmac-sha2",
"iv": "random+data",
"mac": "mac+of+encrypted+zeros"
}
```
and data encrypted using this algorithm could look like this:
```json
{
"encrypted": {
"key_id": {
"iv": "16+bytes+base64",
"ciphertext": "base64+encoded+encrypted+data",
"mac": "base64+encoded+mac"
}
}
}
```
###### Key representation
When a user is given a raw key for `m.secret_storage.v1.aes-hmac-sha2`,
it will be presented as a string constructed as follows:
1. The key is prepended by the two bytes `0x8b` and `0x01`
2. All the bytes in the string above, including the two header bytes,
are XORed together to form a parity byte. This parity byte is
appended to the byte string.
3. The byte string is encoded using base58, using the same [mapping as
is used for Bitcoin
addresses](https://en.bitcoin.it/wiki/Base58Check_encoding#Base58_symbol_chart),
that is, using the alphabet
`123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz`.
4. The string is formatted into groups of four characters separated by
spaces.
When decoding a raw key, the process should be reversed, with the
exception that whitespace is insignificant in the user's input.
###### Deriving keys from passphrases
A user may wish to use a chosen passphrase rather than a randomly
generated key. In this case, information on how to generate the key from
a passphrase will be stored in the `passphrase` property of the
`m.secret_storage.key.[key ID]` account-data. The `passphrase` property
has an `algorithm` property that indicates how to generate the key from
the passphrase. Other properties of the `passphrase` property are
defined by the `algorithm` specified.
Currently, the only algorithm defined is `m.pbkdf2`. For the `m.pbkdf2` algorithm, the `passphrase` property has the
following properties:
| Parameter | Type | Description |
|------------|---------|------------------------------------------------------------------------|
| algorithm | string | **Required.** Must be `m.pbkdf2` |
| salt | string | **Required.** The salt used in PBKDF2. |
| iterations | integer | **Required.** The number of iterations to use in PBKDF2. |
| bits | integer | Optional. The number of bits to generate for the key. Defaults to 256. |
The key is generated using PBKDF2 with SHA-512 as the hash, using the
salt given in the `salt` parameter, and the number of iterations given
in the `iterations` parameter.
Example:
```
{
"passphrase": {
"algorithm": "m.pbkdf2",
"salt": "MmMsAlty",
"iterations": 100000,
"bits": 256
},
...
}
```
#### Sharing
To request a secret from other devices, a client sends an
`m.secret.requests` device event with `action` set to `request` and
`name` set to the identifier of the secret. A device that wishes to
share the secret will reply with an `m.secret.send` event, encrypted
using olm. When the original client obtains the secret, it sends an
`m.secret.request` event with `action` set to `request_cancellation` to
all devices other than the one that it received the secret from. Clients
should ignore `m.secret.send` events received from devices that it did
not send an `m.secret.request` event to.
Clients must ensure that they only share secrets with other devices that
are allowed to see them. For example, clients should only share secrets
with the users own devices that are verified and may prompt the user to
confirm sharing the secret.
##### Event definitions
###### `m.secret.request`
Sent by a client to request a secret from another device or to cancel a
previous request. It is sent as an unencrypted to-device event.
| Parameter | Type | Description |
|-----------------------|--------|----------------------------------------------------------------------------------------|
| name | string | Required if ``action`` is ``request``. The name of the secret that is being requested. |
| action | enum | **Required.** One of ["request", "request_cancellation"]. |
| requesting_device_id | string | **Required.** The ID of the device requesting the secret. |
| request_id | string | **Required.** A random string uniquely identifying (with respect to the requester and the target) the target for a secret. If the secret is requested from multiple devices at the same time, the same ID may be used for every target. The same ID is also used in order to cancel a previous request. |
Example:
```json
{
"name": "org.example.some.secret",
"action": "request",
"requesting_device_id": "ABCDEFG",
"request_id": "randomly_generated_id_9573"
}
```
###### `m.secret.send`
Sent by a client to share a secret with another device, in response to
an `m.secret.request` event. It must be encrypted as an
`m.room.encrypted` event, then sent as a to-device event.
| Parameter | Type | Description |
|-------------|--------|--------------------------------------------------------------|
| request_id | string | **Required.** The ID of the request that this a response to. |
| secret | string | **Required.** The contents of the secret. |
Example:
```json
{
"request_id": "randomly_generated_id_9573",
"secret": "ThisIsASecretDon'tTellAnyone"
}
```
Reference in New Issue View Git Blame Copy Permalink