matrix_sdk_crypto/backups/keys/
mod.rs

// Copyright 2021 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Module for the keys that are used to back up room keys.
//!
//! The backup key is split into two parts:
//!
//! ```text
//!                 ┌───────────────────────────────────────────┐
//!                 │  BackupDecryptionKey | MegolmV1BackupKey  │
//!                 └───────────────────────────────────────────┘
//! ```
//!
//! 1. [`crate::store::BackupDecryptionKey`], a private Curve25519 key that is
//!    used to decrypt backed up room keys. Sometimes also referred to as a
//!    "recovery key".
//!
//! 2. [`MegolmV1BackupKey`], the public part of the Curve25519
//!    `BackupDecryptionKey`. This is used to encrypt room keys that get backed
//!    up.
//!
//! In theory, the `BackupDecryptionKey` can be derived from a passphrase.
//! However, in practice deriving a decryption key from a passphrase isn't done,
//! and is **not** supported by the spec.
//!
//! Instead, it is randomly generated, and then encrypted using the server-side
//! secret storage (SSSS) key. (The SSSS key is, confusingly, also called a
//! "recovery key".)
//!
//! The (encrypted) `BackupDecryptionKey` can then be uploaded to your account
//! data as an `m.megolm.v1` event.
//!
//! The `MegolmV1BackupKey` is used to encrypt individual room keys so they can
//! be uploaded to the homeserver.
//!
//! The `MegolmV1BackupKey` is a public key and is uploaded to the server using
//! the `/room_keys/version` API endpoint.

mod backup;
mod decryption;

pub use backup::MegolmV1BackupKey;
pub use decryption::{DecodeError, DecryptionError};
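
The "recovery key" named in the module docs above is usually handled as base58 text. The following is an added example, not code from matrix-sdk-crypto: a std-only encoder and validating decoder for that text form as the Matrix specification defines it. The `0x8B 0x01` prefix, the XOR parity byte and the Bitcoin base58 alphabet are taken from the spec rather than from this page; the function names, the local `DecodeError` variants and the sample key are constructed for illustration.

```rust
// Added example, not matrix-sdk code; layout per the Matrix spec's recovery key format.
const ALPHABET: &[u8; 58] = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const PREFIX: [u8; 2] = [0x8b, 0x01];

#[derive(Debug, PartialEq)]
pub enum DecodeError { BadCharacter(char), BadLength(usize), BadPrefix, BadParity }

// n = n * mul + add, where n holds little-endian digits in `base`.
fn mul_add(n: &mut Vec<u8>, base: u32, mul: u32, add: u32) {
    let mut carry = add;
    for d in n.iter_mut() {
        carry += *d as u32 * mul;
        *d = (carry % base) as u8;
        carry /= base;
    }
    while carry > 0 { n.push((carry % base) as u8); carry /= base; }
}

pub fn encode_recovery_key(key: &[u8; 32]) -> String {
    let mut raw = [&PREFIX[..], &key[..]].concat();
    let parity = raw.iter().fold(0u8, |x, b| x ^ b);
    raw.push(parity); // XOR of all 35 bytes is now zero
    let mut digits: Vec<u8> = Vec::new(); // raw starts with 0x8b: no leading-zero case
    for &b in &raw { mul_add(&mut digits, 58, 256, b as u32); }
    digits.iter().rev().map(|&d| ALPHABET[d as usize] as char).collect()
}

pub fn decode_recovery_key(s: &str) -> Result<[u8; 32], DecodeError> {
    let mut raw: Vec<u8> = Vec::new();
    let mut zeros = 0;
    for c in s.chars().filter(|c| !c.is_whitespace()) {
        let v = ALPHABET.iter().position(|&a| a as char == c).ok_or(DecodeError::BadCharacter(c))?;
        if v == 0 && raw.is_empty() { zeros += 1; } // leading '1' = leading zero byte
        mul_add(&mut raw, 256, 58, v as u32);
    }
    raw.resize(raw.len() + zeros, 0);
    raw.reverse(); // most significant byte first
    if raw.len() != 35 { return Err(DecodeError::BadLength(raw.len())); }
    if !raw.starts_with(&PREFIX) { return Err(DecodeError::BadPrefix); }
    if raw.iter().fold(0u8, |x, b| x ^ b) != 0 { return Err(DecodeError::BadParity); }
    let mut key = [0u8; 32];
    key.copy_from_slice(&raw[2..34]);
    Ok(key)
}

fn main() {
    let text = encode_recovery_key(&[0x42; 32]); // constructed sample key, not a real secret
    println!("{} valid: {}", text, decode_recovery_key(&text) == Ok([0x42; 32]));
}
```

The parity and prefix checks catch mistyped or truncated input before the bytes are ever used as a Curve25519 private key; they are an integrity check against typos, not authentication.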