MSC1946: Secure Secret Storage and Sharing #1946

Merged
merged 18 commits into from
Nov 13, 2019
add clarification and examples
uhoreg committed Nov 8, 2019
commit e8ce135a411e5fa2715f9d1cbd57f0fc232bc98f
29 changes: 27 additions & 2 deletions proposals/1946-secure_server-side_storage.md
Expand Up @@ -57,8 +57,9 @@ clients will try to use the default key to decrypt secrets.
Clients MUST ensure that the key is trusted before using it to encrypt secrets.
One way to do that is to have the client that creates the key sign the key
description (as signed JSON) using the user's master cross-signing key.
Another way to do that is to prompt the user to enter the passphrase and ensure
that the generated private key correponds to the public key.
Another way to do that is to prompt the user to enter the passphrase used to
generate the encryption key and ensure that the generated private key
corresponds to the public key.

#### Secret storage
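
Review bot: the reworded sentence ("prompt the user to enter the passphrase used to generate the encryption key and ensure that the generated private key corresponds to the public key") still does not say which public key is meant or what the client does when the two do not match. Since the paragraph opens with a MUST, suggest naming the source of the public key explicitly (presumably the key description mentioned in the previous sentence) and stating that the client does not use the key to encrypt secrets if the check fails. The sentence also switches between "encryption key" and "private key" for what reads as the same derived key; one term throughout would avoid the ambiguity.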

Expand All @@ -79,6 +80,8 @@ Example:

Some secret is encrypted using keys with ID `key_id_1` and `key_id_2`:
Member

It’s unclear how the key_id_X relates to the [key ID] above. Can the JSON example include the event details so we can see how it looks in account_data?

Member Author

have added to the example


`org.example.some.secret`:

```json
{
"encrypted": {
Expand All @@ -95,6 +98,28 @@ Some secret is encrypted using keys with ID `key_id_1` and `key_id_2`:
}
```

and the key descriptions for the keys would be:

`m.secret_storage.key.key_id_1`:

```json
{
"name": "Some key",
"algorithm": "m.secret_storage.v1.curve25519-aes-sha2",
// ... other properties according to algorithm
}
```

`m.secret_storage.key.key_id_2`:

```json
{
"name": "Some other key",
"algorithm": "m.secret_storage.v1.curve25519-aes-sha2",
// ... other properties according to algorithm
}
```

#### Encryption algorithms

##### `m.secret_storage.v1.curve25519-aes-sha2`
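
Review bot: both added key-description examples are fenced as `json` but contain the line `// ... other properties according to algorithm`, which is not valid JSON, so anyone copying or machine-checking the examples gets a parse error. Suggest moving that remark into a sentence after each block, or showing the actual properties for `m.secret_storage.v1.curve25519-aes-sha2`. The lead-in "and the key descriptions for the keys would be:" would also answer the review question on this example more directly if it said that `m.secret_storage.key.key_id_1` is the account data name built from the key ID `key_id_1`.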