matrix-spec/data/api/server-server/definitions/event-schemas/m.signing_key_update.yaml
codedust f42ce28bfe Clarify terminology for keys in cross-signing module
- do not use the term 'cross-signing keys' anymore: Previously, the term
  'cross-signing keys' was used to refer to the master, user-signing and
  self-signing keys. This is not ideal since the master key is used for
  cross-signing but may also be used to sign the backup key, for example.
  In these contexts, the master key is not used for cross-signing.
  The term 'cross-signing keys' has therefor been replaced by 'keys used
  for cross-signing' or, more explicitely, by 'master, user-signing and
  self-signing key'.
- the naming of the master key has been harmonised (no more 'master
  cross-signing key' or 'master signing keys'). Also the abbr. 'MSK' has been
  replaced by 'MK'.
- in the QR code example, the term 'cross-signing key' has been replaced
  by 'master key' since in mode 0x00, the current user's own master key and
  what the device thinks the other user's master key is used.
- it has been made more explicit that private keys used for cross-signing can
  be stored on the server are stored as described in the secrets module (as
  opposed to store them in unencrypted form)

Signed-off-by: codedust <codedust@so.urceco.de>
2025-08-03 18:21:35 +02:00

66 lines
2.2 KiB
YAML

# Copyright 2020 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
x-addedInMatrixVersion: "1.1"
type: object
title: m.signing_key_update
description: |-
An EDU that lets servers push details to each other when one of their users
updates their keys used for cross-signing.
allOf:
- $ref: ../edu.yaml
- type: object
properties:
edu_type:
type: string
enum: ['m.signing_key_update']
description: The string `m.signing_update`.
example: "m.signing_key_update"
content:
type: object
description: The updated signing keys.
title: Signing Key Update
properties:
user_id:
type: string
description: The user ID whose keys have changed.
example: "@alice:example.com"
master_key:
allOf:
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
example: {
"user_id": "@alice:example.com",
"usage": ["master"],
"keys": {
"ed25519:base64+master+public+key": "base64+master+public+key",
}
}
self_signing_key:
allOf:
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
example: {
"user_id": "@alice:example.com",
"usage": ["self_signing"],
"keys": {
"ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
},
"signatures": {
"@alice:example.com": {
"ed25519:base64+master+public+key": "signature+of+self+signing+key"
}
}
}
required:
- user_id