|
|
@ -28,8 +28,8 @@ Example flow:
|
|
|
|
1. Alice and Bob meet in person, and want to verify each other's keys.
|
|
|
|
1. Alice and Bob meet in person, and want to verify each other's keys.
|
|
|
|
2. Bob tells his device to display a QR code. Bob's device displays a
|
|
|
|
2. Bob tells his device to display a QR code. Bob's device displays a
|
|
|
|
QR code that encodes the URL
|
|
|
|
QR code that encodes the URL
|
|
|
|
`https://matrix.to/#/<user-id>?device=<device-id>&action=verify&pubkey=<device-signing-public-key-in-base64>`
|
|
|
|
`https://matrix.to/#/<user-id>?device=<device-id>action=verify&key_<keyid>=<key-in-base64>...`
|
|
|
|
(when `mx:` URLs are specced, this will be used instead).
|
|
|
|
(when `matrix:` URLs are specced, this will be used instead).
|
|
|
|
3. Alice scans the QR code.
|
|
|
|
3. Alice scans the QR code.
|
|
|
|
4. Alice's device ensures that the user ID in the QR code is the same as the
|
|
|
|
4. Alice's device ensures that the user ID in the QR code is the same as the
|
|
|
|
expected user ID. This can be done by prompting Alice with the user ID, or
|
|
|
|
expected user ID. This can be done by prompting Alice with the user ID, or
|
|
|
@ -64,6 +64,7 @@ message contents:
|
|
|
|
- `from_device`: the ID of the device that Alice is using
|
|
|
|
- `from_device`: the ID of the device that Alice is using
|
|
|
|
- `transaction_id`: an identifier for the transaction. Must be unique on
|
|
|
|
- `transaction_id`: an identifier for the transaction. Must be unique on
|
|
|
|
Alice's device.
|
|
|
|
Alice's device.
|
|
|
|
|
|
|
|
- `keys_ids`: array of key IDs to verify.
|
|
|
|
|
|
|
|
|
|
|
|
#### `m.key.verification.check_own_key`
|
|
|
|
#### `m.key.verification.check_own_key`
|
|
|
|
|
|
|
|
|
|
|
@ -71,10 +72,10 @@ Tells Alice's device what Bob's device thinks her key is.
|
|
|
|
|
|
|
|
|
|
|
|
message contents:
|
|
|
|
message contents:
|
|
|
|
|
|
|
|
|
|
|
|
- `key`: The key that Bob's device has for Alice's device
|
|
|
|
- `keys`: A map of key IDs to the key that Bob's device has
|
|
|
|
- `transaction_id`: the transaction ID from the
|
|
|
|
- `transaction_id`: the transaction ID from the `m.key.verification.start`
|
|
|
|
`m.key.verification.reciprocate` message
|
|
|
|
message
|
|
|
|
- `signatures`: signature of the key and transaction ID, signed using Bob's key
|
|
|
|
- `signatures`: signature of the keys and transaction ID, signed using Bob's key
|
|
|
|
|
|
|
|
|
|
|
|
Tradeoffs/Alternatives
|
|
|
|
Tradeoffs/Alternatives
|
|
|
|
----------------------
|
|
|
|
----------------------
|
|
|
|