Module openmls::credentials
source · [−]Expand description
Credentials
A Credential contains identifying information about the client that
created it, as well as a signature public key and the corresponding
signature scheme. Credentials represent clients in MLS groups and are
used to authenticate their messages. Each
KeyPackage that is either
pre-published, or that represents a client in a group contains a
Credential and is authenticated by it.
Clients can create a Credential by creating a CredentialBundle which
contains the Credential, as well as the corresponding private key
material. The CredentialBundle can in turn be used to generate a
KeyPackageBundle.
The MLS protocol spec allows the that represents a client in a group to
change over time. Concretely, members can issue an Update proposal or a Full
Commit to update their KeyPackage, as
well as the Credential in it. The Update has to be authenticated by the
signature public key contained in the old Credential.
When receiving a credential update from another member, applications must query the Authentication Service to ensure that the new credential is valid.
Credentials are specific to a signature scheme, which has to match the
ciphersuite of the KeyPackage that it
is embedded in. Clients can use different credentials, potentially with
different signature schemes in different groups.
There are multiple CredentialTypes, although OpenMLS currently only
supports the BasicCredential.
Modules
Credential errors
Structs
Basic Credential.
X.509 Certificate.
Credential.
Credential Bundle.
Enums
CredentialType.
MlsCredentialType.