[Members] Looking at the Matrix e2e specs...

Winfried Tilanus winfried at tilanus.com
Fri Jan 10 15:17:12 UTC 2020


Am I missing something while reading the Matrix e2e spec or does it rely
on the Matrix server for distributing the public keys:

Creating and registering device keys

This process only happens once, when a device first starts.

It must create the Ed25519 fingerprint key pair and the Curve25519
identity key pair. This is done by calling olm_create_account in libolm.
The (base64-encoded) keys are retrieved by calling
olm_account_identity_keys. The account should be stored for future use.

It should then publish these keys to the homeserver, which is done by
using the device_keys property of the /keys/upload endpoint.

In order to sign the device_keys payload as described in Signing JSON,
clients should call olm_account_sign.

And does it combine that with leap of faith verification of the key
fingerprint by default?

last line of "Downloading the device list for users in the room"):
Otherwise the client stores the information about this device.

If anybody know more about this, please let me know!



More information about the Members mailing list