|
|
|
# Copyright 2018 New Vector Ltd
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
type: object
|
|
|
|
title: Server Keys
|
|
|
|
description: Server keys
|
|
|
|
example:
|
|
|
|
$ref: "../examples/server_key.json"
|
|
|
|
properties:
|
|
|
|
server_name:
|
|
|
|
type: string
|
|
|
|
description: DNS name of the homeserver.
|
|
|
|
example: "example.org"
|
|
|
|
verify_keys:
|
|
|
|
type: object
|
|
|
|
description: |-
|
|
|
|
Public keys of the homeserver for verifying digital signatures.
|
|
|
|
|
|
|
|
The object's key is the algorithm and version combined (`ed25519` being the
|
|
|
|
algorithm and `abc123` being the version in the example below). Together,
|
|
|
|
this forms the Key ID. The version must have characters matching the regular
|
|
|
|
expression `[a-zA-Z0-9_]`.
|
|
|
|
additionalProperties:
|
|
|
|
type: object
|
|
|
|
title: Verify Key
|
|
|
|
example: {
|
|
|
|
"ed25519:abc123": {
|
|
|
|
"key": "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
properties:
|
|
|
|
key:
|
|
|
|
type: string
|
|
|
|
description: The [Unpadded base64](/appendices/#unpadded-base64) encoded key.
|
|
|
|
example: "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA"
|
|
|
|
required: ["key"]
|
|
|
|
old_verify_keys:
|
|
|
|
type: object
|
|
|
|
description: |-
|
|
|
|
The public keys that the server used to use and when it stopped using them.
|
|
|
|
|
|
|
|
The object's key is the algorithm and version combined (`ed25519` being the
|
|
|
|
algorithm and `0ldK3y` being the version in the example below). Together,
|
|
|
|
this forms the Key ID. The version must have characters matching the regular
|
|
|
|
expression `[a-zA-Z0-9_]`.
|
|
|
|
additionalProperties:
|
|
|
|
type: object
|
|
|
|
title: Old Verify Key
|
|
|
|
example: {
|
|
|
|
"ed25519:0ldK3y": {
|
|
|
|
"expired_ts": 1532645052628,
|
|
|
|
"key": "VGhpcyBzaG91bGQgYmUgeW91ciBvbGQga2V5J3MgZWQyNTUxOSBwYXlsb2FkLg"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
properties:
|
|
|
|
expired_ts:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: POSIX timestamp in milliseconds for when this key expired.
|
|
|
|
example: 1532645052628
|
|
|
|
key:
|
|
|
|
type: string
|
|
|
|
description: The [Unpadded base64](/appendices/#unpadded-base64) encoded key.
|
|
|
|
example: "VGhpcyBzaG91bGQgYmUgeW91ciBvbGQga2V5J3MgZWQyNTUxOSBwYXlsb2FkLg"
|
|
|
|
required: ["expired_ts", "key"]
|
|
|
|
signatures:
|
|
|
|
type: object
|
|
|
|
description: |-
|
|
|
|
Digital signatures for this object signed using the `verify_keys`.
|
|
|
|
|
|
|
|
The signature is calculated using the process described at [Signing JSON](/appendices/#signing-json).
|
|
|
|
title: Signatures
|
|
|
|
additionalProperties:
|
|
|
|
type: object
|
|
|
|
additionalProperties:
|
|
|
|
type: string
|
|
|
|
valid_until_ts:
|
|
|
|
type: integer
|
|
|
|
format: int64
|
|
|
|
description: |-
|
|
|
|
POSIX timestamp when the list of valid keys should be refreshed. This field MUST
|
|
|
|
be ignored in room versions 1, 2, 3, and 4. Keys used beyond this timestamp MUST
|
|
|
|
be considered invalid, depending on the [room version specification](/#room-versions).
|
|
|
|
|
|
|
|
Servers MUST use the lesser of this field and 7 days into the future when
|
|
|
|
determining if a key is valid. This is to avoid a situation where an attacker
|
|
|
|
publishes a key which is valid for a significant amount of time without a way
|
|
|
|
for the homeserver owner to revoke it.
|
|
|
|
example: 1052262000000
|
|
|
|
required: ["server_name", "verify_keys"]
|