Commit 14c5ea70 authored by Denis Kasak's avatar Denis Kasak
Browse files

Describe the session export format.

This is the Megolm session format used for `m.forwarded_room_key`, the
server-side room key backups and Megolm key file exports in the Matrix
specification and implementations.
parent ee1b0c8a
Pipeline #21458 passed with stages
in 5 minutes and 54 seconds
......@@ -182,9 +182,13 @@ but the decision of which ratchet states to cache is left to the application.
## Data exchange formats
### Session-sharing format
### Session sharing format
The Megolm key-sharing format is as follows:
This format is used for the initial sharing of a Megolm session with other
group participants who need to be able to read messages encrypted by this
The session sharing format is as follows:
......@@ -202,6 +206,33 @@ part of the Ed25519 keypair $`K`$.
The data is then signed using the Ed25519 keypair, and the 64-byte signature is
### Session export format
Once the session is initially shared with the group participants, each
participant needs to retain a copy of the session if they want to maintain
their ability to decrypt messages encrypted with that session.
For forward-secrecy purposes, a participant may choose to store a ratcheted
version of the session. But since the ratchet index is covered by the
signature, this would invalidate the signature. So we define a similar format,
called the *session export format*, which is identical to the [session sharing
format](#session-sharing-format) except for dropping the signature.
The Megolm session export format is thus as follows:
| V | i | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub |
0 1 5 37 69 101 133 165 bytes
The version byte, ``V``, is ``"\x02"``.
This is followed by the ratchet index, $`i`$, which is encoded as a
big-endian 32-bit integer; the ratchet values $`R_{i,j}`$; and the public
part of the Ed25519 keypair $`K`$.
### Message format
Megolm messages consist of a one byte version, followed by a variable length
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment