switch to MSC1946 for storing recovery key

pull/977/head
Hubert Chathi 5 years ago
parent 825757ffd8
commit 80adbaff4c

@ -102,8 +102,8 @@ settings.
### Recovery key
The recovery key can be saved by the user directly, stored encrypted on the
server (as proposed in
[MSC1687](https://github.com/matrix-org/matrix-doc/issues/1687)), or both. If
server (using the method proposed in
[MSC1946](https://github.com/matrix-org/matrix-doc/issues/1946)), or both. If
the key is saved directly by the user, then the code is constructed as follows:
1. The 256-bit curve25519 private key is prepended by the bytes `0x8B` and
@ -124,6 +124,29 @@ results in 0, and ensure that the total length of the decoded string
is 35 bytes. Clients must then remove the first two bytes and the last byte,
and use the resulting string as the private key to decrypt backups.
If MSC1946 is used to store the key on the server, it must be stored using the
`account_data` `type` `m.megolm_backup.v1`.
As a special case, if the recovery key is the same as the curve25519 key used
for storing the key, then the contents of the `m.megolm_backup.v1`
`account_data` for that key will be the an object with a `passthrough` property
whose value is `true`. For example, if `m.megolm_backup.v1` is set to:
```json
{
"encrypted": {
"key_id": {
"passthrough": true
}
}
}
```
means that the recovery key for the backup is the same as the private key for
the key with ID `key_id`. (This is mostly intended to provide a migration path
for for backups that were created using an earlier draft that stored the
recovery information in the `auth_data`.)
### API
#### Backup versions

Loading…
Cancel
Save