change how we mark the default key, and make sure clients trust keys

pull/977/head
Hubert Chathi 5 years ago
parent b27f6985b2
commit 86eccc3bc8

@ -48,11 +48,17 @@ A key with ID `abcdefg` is stored in `m.secret_storage.key.abcdefg`
}
```
If a key has the `name` property set to `m.default`, then this key is treated as
the default key for the account. The default key is the one that all secrets
will be encrypted with, and that clients will try to use to decrypt data with,
unless the user specifies otherwise. Only one key can be marked as the default
at a time.
A key can be marked as the "default" key by setting the user's account_data
with event type `m.secret_storage.default_key` to the ID of the key. The
default key will be used to encrypet all secrets that the user would expect to
be available on all their clients. Unless the user specifies otherwise,
clients will try to use the default key to decrypt secrets.
Clients MUST ensure that the key is trusted before using it to encrypt secrets.
One way to do that is to have the client that creates the key sign the key
description (as signed JSON) using the user's master cross-signing key.
Another way to do that is to prompt the user to enter the passphrase and ensure
that the generated private key correponds to the public key.
#### Secret storage

Loading…
Cancel
Save