Module openmls::key_packages

source · []
Expand description

Key Packages

Key packages are pre-published public keys that provide some information about a user in order to facilitate the asynchronous addition of clients to a group.

A key package object specifies:

  • A protocol version and ciphersuite that the client supports
  • A public key that others can use for key agreement
  • A credential authenticating the client’s application-layer identity
  • A list of extensions for the key package (see Extensions for details)

Key packages are intended to be used only once and SHOULD NOT be reused except in case of last resort, i.e. if there’s no other key package available. Clients MAY generate and publish multiple KeyPackages to support multiple cipher suites.

The value for HPKE init key MUST be a public key for the asymmetric encryption scheme defined by cipher suite, and it MUST be unique among the set of key packages created by this client. The whole structure is signed using the client’s signature key. A key package object with an invalid signature field is considered malformed.

Creating key package bundles

Key package bundles are key packages including their private key. A key package bundle can be created as follows:

use openmls::prelude::*;
use openmls_rust_crypto::OpenMlsRustCrypto;

let ciphersuite = Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
let backend = OpenMlsRustCrypto::default();

let credential_bundle = CredentialBundle::new(
    b"Sasha".to_vec(),
    CredentialType::Basic,
    SignatureScheme::from(ciphersuite),
    &backend,
)
.expect("Error creating credential.");
let key_package_bundle =
    KeyPackageBundle::new(&[ciphersuite], &credential_bundle, &backend, vec![])
        .expect("Error creating key package bundle.");

See KeyPackageBundle for more details and other ways to create key package bundles.

Loading key packages

When getting key packages from another user the serialized bytes are parsed as follows;

use openmls::prelude::*;
use openmls::test_utils::hex_to_bytes;
use openmls_rust_crypto::OpenMlsRustCrypto;

let key_package_bytes = hex_to_bytes(
        "0100010020687A9693D4FADC951B999E6EDD80B80F11747DE30620C75ED0A5F41E32\
         CB064C00010008000000000000000208070020AEF756C7D75DE1BEACA7D2DD17FA7A\
         C36F56B9BA1F7DF019BCB49A4138CEBCCB000000360002000000100000000061A0B6\
         2D000000006B086B9D00010000001A0201C8020001060001000200030C0001000200\
         030004000500080040961F9EC3D3F1BFCE673FEF39AB8BE6A8FF4D0BA40B3AA8A0DC\
         50CDE22482DC30A594EDDEC398F0966C3AFD67135007A6875F9873F4B521DF28827F\
         6A4EFF1704");
let key_package = KeyPackage::try_from(key_package_bytes.as_slice());

See KeyPackage for more details on how to use key packages.

Modules

errors

Key Package errors

Structs

KeyPackage

The key package struct.

KeyPackageBundle

A KeyPackageBundle contains a KeyPackage, the corresponding private key, and a leaf secret.