Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-02 17:54:09 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add some clarifications

Browse source
This commit is contained in:
Hubert Chathi 2020-01-24 12:50:51 -05:00
parent 379bb79b00
commit a8c7fda187
1 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
proposals/1543-qr_code_key_verification.md
View file

@ -34,7 +34,13 @@ Example flow:
4. Bob's client prompts Bob to verify Alice's key. The prompt includes a QR 4. Bob's client prompts Bob to verify Alice's key. The prompt includes a QR
code that Alice can scan (if the `m.key.verification.request` message listed code that Alice can scan (if the `m.key.verification.request` message listed
`m.qr_code.scan.v1`), and an option to scan Alice's QR code (if the `m.qr_code.scan.v1`), and an option to scan Alice's QR code (if the
`m.key.verification.request` message listed `m.qr_code.show.v1`). `m.key.verification.request` message listed `m.qr_code.show.v1`). The QR
code encodes:
- Bob's Matrix user ID,
- Bob's keys that he wants Alice to verify (should contain at least his
master cross-signing key),
- what Bob thinks Alice's master cross-signing key is,
- a random shared secret.
5. Alice scans Bob's QR code. 5. Alice scans Bob's QR code.
6. Alice's device ensures that: 6. Alice's device ensures that:
- the user ID in the QR code is the same as the expected user ID (which it - the user ID in the QR code is the same as the expected user ID (which it
@ -45,14 +51,22 @@ Example flow:
- Alice's cross-signing key matches the cross-signing key encoded in the QR - Alice's cross-signing key matches the cross-signing key encoded in the QR
code. code.
If any of these checks fail, Alice's device displays an error message. If any of these checks fail, Alice's device displays an error message
indicating that the code is incorrect, and sends a
`m.key.verification.cancel` message to Bob's device.
Otherwise, at this point, Alice's device has now verified Bob's key, and her Otherwise, at this point, Alice's device has now verified Bob's key, and her
device will display a message saying that all is well. device will display a message saying that all is well.
7. Alice's device sends a `m.key.verification.start` message with `method` set 7. Alice's device sends a `m.key.verification.start` message with `method` set
to `m.reciprocate.v1` to Bob (see below). to `m.reciprocate.v1` to Bob (see below). The message includes the shared
8. Upon receipt of the `m.key.verification.start` message, Bob's device secret from the QR code.
presents a button for him to press /after/ he has checked that Alice's 8. Upon receipt of the `m.key.verification.start` message, Bob's device ensures
device says that things match. that the shared secret matches, and if so, presents a button for him to press
/after/ he has checked that Alice's device says that things match, and a
button for him to press if Alice's device indicates that the QR code is
invalid or if Alice has not yet scanned. If the shared secret does not
match, it should display an error message indicating that an attack was
attempted. (This does not affect Alice's verification of Bob's keys.)
9. Bob sees Alice's device confirm that the key matches, and presses the button 9. Bob sees Alice's device confirm that the key matches, and presses the button
on his device to indicate that Alice's key is verified. on his device to indicate that Alice's key is verified.
10. Both devices send an `m.key.verification.done` message. 10. Both devices send an `m.key.verification.done` message.