matrix-spec/api/server-server/definitions/keys.yaml

# Copyright 2018 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
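# Schema for the "Server Keys" object: a homeserver's current and retired
# signing keys, the signatures over the object, the fingerprints of its TLS
# certificates and the time after which the key list must be refreshed.
type: object
title: Server Keys
description: Server keys
example:
  $ref: "../examples/server_key.json"
properties:
  server_name:
    type: string
    description: DNS name of the homeserver.
    required: true
    example: "example.org"
  # Map of Key ID -> Verify Key.
  # NOTE(review): the character class quoted in the description matches a
  # single character and is unanchored. A validator should apply it to the
  # whole version part of the Key ID (for example ``^[a-zA-Z0-9_]+$``) so
  # that other characters cannot appear in it - confirm the intended rule.
  verify_keys:
    type: object
    description: |-
      Public keys of the homeserver for verifying digital signatures.
      The object's key is the algorithm and version combined (``ed25519`` being the
      algorithm and ``abc123`` being the version in the example below). Together,
      this forms the Key ID. The version must have characters matching the regular
      expression ``[a-zA-Z0-9_]``.
    required: true
    additionalProperties:
      type: object
      title: Verify Key
      example:
        "ed25519:abc123":
          "key": "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA"
      properties:
        key:
          type: string
          description: The `Unpadded Base64`_ encoded key.
          required: true
          example: "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA"
  # Map of Key ID -> retired key plus the time it stopped being used.
  old_verify_keys:
    type: object
    description: |-
      The public keys that the server used to use and when it stopped using them.
      The object's key is the algorithm and version combined (``ed25519`` being the
      algorithm and ``0ldK3y`` being the version in the example below). Together,
      this forms the Key ID. The version must have characters matching the regular
      expression ``[a-zA-Z0-9_]``.
    additionalProperties:
      type: object
      title: Old Verify Key
      example:
        "ed25519:0ldK3y":
          "expired_ts": 1532645052628
          "key": "VGhpcyBzaG91bGQgYmUgeW91ciBvbGQga2V5J3MgZWQyNTUxOSBwYXlsb2FkLg"
      properties:
        expired_ts:
          type: integer
          format: int64
          description: POSIX timestamp in milliseconds for when this key expired.
          required: true
          example: 1532645052628
        key:
          type: string
          description: The `Unpadded Base64`_ encoded key.
          required: true
          example: "VGhpcyBzaG91bGQgYmUgeW91ciBvbGQga2V5J3MgZWQyNTUxOSBwYXlsb2FkLg"
  # Outer map is keyed by server name, inner map by Key ID.
  # NOTE(review): unlike ``server_name`` and ``verify_keys``, neither this
  # property nor ``valid_until_ts`` carries ``required: true``. A consumer
  # that accepts a key object without signatures cannot authenticate it -
  # confirm whether both should be required.
  signatures:
    type: object
    description: Digital signatures for this object signed using the ``verify_keys``.
    additionalProperties:
      type: object
      title: Signed Server
      # The Key ID below was spelled ``ad25519:abc123``; it now matches the
      # ``ed25519:abc123`` Key ID used in the ``verify_keys`` example, since
      # the signatures are described as made with those keys.
      example:
        "example.org":
          "ed25519:abc123": "VGhpcyBzaG91bGQgYWN0dWFsbHkgYmUgYSBzaWduYXR1cmU"
      additionalProperties:
        type: string
        # NOTE(review): every other nested schema in this file labels itself
        # with ``title``; ``name`` here may be a slip - confirm against the
        # tooling that renders this file.
        name: Encoded Signature Verification Key
  tls_fingerprints:
    type: array
    description: Hashes of X.509 TLS certificates used by this server.
    items:
      type: object
      title: TLS Fingerprint
      properties:
        # Only a ``sha256`` digest field is defined for a fingerprint.
        sha256:
          type: string
          description: The `Unpadded Base64`_ encoded fingerprint.
          example: "VGhpcyBpcyBoYXNoIHdoaWNoIHNob3VsZCBiZSBieXRlcw"
  # NOTE(review): the description does not state a unit. The example value
  # and the wording of ``expired_ts`` suggest milliseconds; a verifier that
  # reads this as seconds would treat keys as valid far longer than
  # intended - confirm and state the unit in the description.
  valid_until_ts:
    type: integer
    format: int64
    description: |-
      POSIX timestamp when the list of valid keys should be refreshed. Keys used beyond this
      timestamp are no longer valid.
    example: 1052262000000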