e95b1fd238
* Enable unstable feature again * Try to verify when a device signs a key * Try to verify when a key signs a device * It's the self-signing key, not the master key * Fix error * Try to verify master key uploads * Actually we can't guarantee we can do that so nevermind * Add signatures into /devices/list request * Fix nil pointer * Reprioritise map creation * Don't skip devices that don't have signatures * Add some debug logging * Fix logic error in QuerySignatures * Fix bugs * Expose master and self-signing keys on /devices/list hopefully * maps are tedious * Expose signatures via /keys/query * Upload signatures when uploading keys * Fixes * Disable the feature again |
||
---|---|---|
.. | ||
api | ||
consumers | ||
internal | ||
inthttp | ||
producers | ||
storage | ||
types | ||
keyserver.go | ||
README.md |
Key Server
This is an internal component which manages E2E keys from clients. It handles all the Key Management APIs with the exception of /keys/changes
which is handled by Sync API. This component is designed to shard by user ID.
Keys are uploaded and stored in this component, and key changes are emitted to a Kafka topic for downstream components such as Sync API.
Internal APIs
PerformUploadKeys
stores identity keys and one-time public keys for given user(s).PerformClaimKeys
acquires one-time public keys for given user(s). This may involve outbound federation calls.QueryKeys
returns identity keys for given user(s). This may involve outbound federation calls. This component may then cache federated identity keys to avoid repeatedly hitting remote servers.- A topic which emits identity keys every time there is a change (addition or deletion).
### Endpoint mappings
- Client API maps
/keys/upload
toPerformUploadKeys
. - Client API maps
/keys/query
toQueryKeys
. - Client API maps
/keys/claim
toPerformClaimKeys
. - Federation API maps
/user/keys/query
toQueryKeys
. - Federation API maps
/user/keys/claim
toPerformClaimKeys
. - Sync API maps
/keys/changes
to consuming from the Kafka topic.