Mastodon: Add end-to-end encryption API

栏目: IT技术 · 发布时间: 4年前

内容简介:A set of APIs required for the double ratchet encryption algorithm, specifically the Olm implementation developed by Matrix -- but it should be roughly the same as libsignal. An additional layer on top of it is so-called message franking, which allows encr

Fix #1093

A set of APIs required for the double ratchet encryption algorithm, specifically the Olm implementation developed by Matrix -- but it should be roughly the same as libsignal. An additional layer on top of it is so-called message franking, which allows encrypted messages to be reported to content moderators without compromising keys or message contents ahead of time while also preventing fake reports.

Development of E2EE capabilities into the web UI is not in scope of this PR.

REST API overview

To support Olm, the following APIs are required:

  • Uploading keys for a device (current app)
  • Querying available devices of people you want to establish a session with
  • Claiming a pre-key (one-time-key) for each device you want to establish a session with
  • Sending encrypted messages directly to specific devices of other people

Message franking

The sending client generates a new HMAC key and includes it in the to-be-encrypted message. It then generates a HMAC-SHA256 value from the to-be-encrypted message and sends it along with the encrypted message. The server, when forwarding the encrypted message to the recipient, composes a metadata summary for the message that includes the HMAC-SHA256 value, and then signs it using its own key. This metadata summary is forwarded along with the encrypted message itself to the recipient and discarded.

Upon reception of the encrypted message, the receiving client verifies the decrypted contents match the HMAC-SHA256 value from the metadata summary using the HMAC key provided in the decrypted contents. If they don't match, the message is discarded.

Should the receiving client desire to report the encrypted message and reveal its contents to the content moderators, the metadata summary is sent along with the report. The server can then verify its own signature on it and trust that the revealed contents are authentic.

Federation

:warning: Requires design of new JSON-LD vocabulary.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Developing Large Web Applications

Developing Large Web Applications

Kyle Loudon / Yahoo Press / 2010-3-15 / USD 34.99

As web applications grow, so do the challenges. These applications need to live up to demanding performance requirements, and be reliable around the clock every day of the year. And they need to withs......一起来看看 《Developing Large Web Applications》 这本书的介绍吧!

在线进制转换器
在线进制转换器

各进制数互转换器

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码