huddle 1.1.4: domain-separation prefix for the relay client-auth
challenge-response. The client signs RELAY_AUTH_DOMAIN || nonce with
its Ed25519 identity key; the relay verifies that signature against the
presented pubkey and checks the pubkey hashes to the claimed fingerprint.
The distinct domain tag keeps this signature from ever being mistaken for
a SignedRoomMessage envelope (which commits a different tag).
Derive the human-facing 24-char fingerprint from an Ed25519 public key.
Format: xxxx-xxxx-xxxx-xxxx-xxxx-xxxx (6 groups of 4 hex chars, 24 hex
chars total = 12 bytes = 96 bits of SHA-256 over the pubkey). Public so
crypto::verify_signed can re-derive it from a signed envelope’s pubkey
and check that it matches the asserted fingerprint.
Build the exact bytes a client signs to prove control of its identity key
to the relay: the domain tag followed by the server’s 32-byte challenge
nonce. The relay (huddle-server) open-codes the identical construction,
so the two must stay byte-for-byte in sync.
huddle 0.7.8: 12-hex Safety Code derived from the same SHA-256 of the
Ed25519 pubkey that backs compute_fingerprint. Format
SAFE-XXXX-XXXX-XXXX (uppercase, dash-separated). Display-only — a
shorter, less ambiguous handle to compare against a friend at the
start of a session. SAS-via-emoji is still the real verification
primitive; this is the visual analogue of DirectChat’s
accountSafetyCode.