matrix-sdk-android/org.matrix.android.sdk.api.session.securestorage/SharedSecretStorageService

SharedSecretStorageService

interface SharedSecretStorageService
Content copied to clipboard

Some features may require clients to store encrypted data on the server so that it can be shared securely between clients. Clients may also wish to securely send such data directly to each other. For example, key backups (MSC1219) can store the decryption key for the backups on the server, or cross-signing (MSC1756) can store the signing keys.

https://github.com/matrix-org/matrix-doc/pull/1946

Functions

Link copied to clipboard
abstract fun checkShouldBeAbleToAccessSecrets(secretNames: List<String>, keyId: String?): IntegrityResult
Content copied to clipboard
Link copied to clipboard
abstract suspend fun generateKey(    keyId: String,     key: SsssKeySpec?,     keyName: String,     keySigner: KeySigner?): SsssKeyCreationInfo
Content copied to clipboard

Generates a SSSS key for encrypting secrets. Use the SsssKeyCreationInfo object returned by the callback to get more information about the created key (recovery key ...)

Link copied to clipboard
abstract suspend fun generateKeyWithPassphrase(    keyId: String,     keyName: String,     passphrase: String,     keySigner: KeySigner,     progressListener: ProgressListener?): SsssKeyCreationInfo
Content copied to clipboard

Generates a SSSS key using the given passphrase. Use the SsssKeyCreationInfo object returned by the callback to get more information about the created key (recovery key, salt, iteration ...)

Link copied to clipboard
abstract fun getAlgorithmsForSecret(name: String): List<KeyInfoResult>
Content copied to clipboard

Use this call to determine which SSSSKeySpec to use for requesting secret.

Link copied to clipboard
abstract fun getDefaultKey(): KeyInfoResult
Content copied to clipboard

A key can be marked as the "default" key by setting the user's account_data with event type m.secret_storage.default_key to an object that has the ID of the key as its key property. The default key will be used to encrypt all secrets that the user would expect to be available on all their clients. Unless the user specifies otherwise, clients will try to use the default key to decrypt secrets.

Link copied to clipboard
abstract fun getKey(keyId: String): KeyInfoResult
Content copied to clipboard
Link copied to clipboard
abstract suspend fun getSecret(    name: String,     keyId: String?,     secretKey: SsssKeySpec): String
Content copied to clipboard

Get an encrypted secret from the shared storage.

Link copied to clipboard
abstract fun hasKey(keyId: String): Boolean
Content copied to clipboard

Check whether we have a key with a given ID.

Link copied to clipboard
open fun isMegolmKeyInBackup(): Boolean
Content copied to clipboard
Link copied to clipboard
open fun isRecoverySetup(): Boolean
Content copied to clipboard

Return true if SSSS is configured.

Link copied to clipboard
abstract suspend fun requestMissingSecrets()
Content copied to clipboard

Request the missing local secrets to other sessions.

Link copied to clipboard
abstract suspend fun requestSecret(name: String, myOtherDeviceId: String)
Content copied to clipboard
Link copied to clipboard
abstract suspend fun setDefaultKey(keyId: String)
Content copied to clipboard
Link copied to clipboard
abstract suspend fun storeSecret(    name: String,     secretBase64: String,     keys: List<KeyRef>)
Content copied to clipboard

Store an encrypted secret on the server Clients MUST ensure that the key is trusted before using it to encrypt secrets.