|
|
@ -46,12 +46,12 @@ GET /_matrix/identity/v2/hash_details
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
This endpoint takes no parameters, and simply returns supported hash algorithms
|
|
|
|
This endpoint takes no parameters, and simply returns supported hash algorithms
|
|
|
|
and pepper as a JSON object:
|
|
|
|
and peppers as a JSON object:
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
```
|
|
|
|
{
|
|
|
|
{
|
|
|
|
"lookup_pepper": "matrixrocks",
|
|
|
|
"lookup_pepper": "matrixrocks",
|
|
|
|
"algorithm": "sha256",
|
|
|
|
"algorithms": ["sha256"],
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
@ -60,9 +60,11 @@ returned for other endpoints in the future.
|
|
|
|
|
|
|
|
|
|
|
|
Clients should request this endpoint each time before making a `/lookup` or
|
|
|
|
Clients should request this endpoint each time before making a `/lookup` or
|
|
|
|
`/bulk_lookup` request, to handle identity servers which may rotate their
|
|
|
|
`/bulk_lookup` request, to handle identity servers which may rotate their
|
|
|
|
pepper values frequently.
|
|
|
|
pepper values frequently. Clients must choose one of the given hash algorithms
|
|
|
|
|
|
|
|
to encrypt the 3pid during lookup.
|
|
|
|
|
|
|
|
|
|
|
|
An example of generating a hash using the above hash and pepper is as follows:
|
|
|
|
An example of generating a hash using SHA-256 and the provided pepper is as
|
|
|
|
|
|
|
|
follows:
|
|
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
```python
|
|
|
|
address = "user@example.org"
|
|
|
|
address = "user@example.org"
|
|
|
@ -73,10 +75,12 @@ print(result_address)
|
|
|
|
vNjEQuRCOmBp/KTuIpZ7RUJgPAbVAyqa0Uzh770tQaw
|
|
|
|
vNjEQuRCOmBp/KTuIpZ7RUJgPAbVAyqa0Uzh770tQaw
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
SHA-256 MUST be supported by both servers and clients at a minimum. It has been
|
|
|
|
Possible hashing algorithms will be defined in the Matrix specification, and an
|
|
|
|
chosen as it is [currently used
|
|
|
|
Identity Server can choose to implement one or all of them. Later versions of
|
|
|
|
elsewhere](https://matrix.org/docs/spec/server_server/r0.1.2#adding-hashes-and-signatures-to-outgoing-events)
|
|
|
|
the specification may deprecate algorithms when necessary. Currently the only
|
|
|
|
in the Matrix protocol, and is reasonably secure as of 2019.
|
|
|
|
listed hashing algorithm is SHA-256 as defined by [RFC
|
|
|
|
|
|
|
|
4634](https://tools.ietf.org/html/rfc4634) and Identity Servers and clients
|
|
|
|
|
|
|
|
MUST agree to its use with the string `sha256`.
|
|
|
|
|
|
|
|
|
|
|
|
When performing a lookup, the pepper and hashing algorithm the client used must
|
|
|
|
When performing a lookup, the pepper and hashing algorithm the client used must
|
|
|
|
be part of the request body. If they do not match what the server has on file
|
|
|
|
be part of the request body. If they do not match what the server has on file
|
|
|
|