Module openmls::key_packages
source · [−]Expand description
Key Packages
Key packages are pre-published public keys that provide some information about a user in order to facilitate the asynchronous addition of clients to a group.
A key package object specifies:
- A protocol version and ciphersuite that the client supports
- A public key that others can use for key agreement
- A credential authenticating the client’s application-layer identity
- A list of extensions for the key package (see Extensions for details)
Key packages are intended to be used only once and SHOULD NOT be reused except in case of last resort, i.e. if there’s no other key package available. Clients MAY generate and publish multiple KeyPackages to support multiple cipher suites.
The value for HPKE init key MUST be a public key for the asymmetric encryption scheme defined by cipher suite, and it MUST be unique among the set of key packages created by this client. The whole structure is signed using the client’s signature key. A key package object with an invalid signature field is considered malformed.
Creating key package bundles
Key package bundles are key packages including their private key. A key package bundle can be created as follows:
use openmls::prelude::*;
use openmls_rust_crypto::OpenMlsRustCrypto;
let ciphersuite = Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
let backend = OpenMlsRustCrypto::default();
let credential_bundle = CredentialBundle::new(
b"Sasha".to_vec(),
CredentialType::Basic,
SignatureScheme::from(ciphersuite),
&backend,
)
.expect("Error creating credential.");
let key_package_bundle =
KeyPackageBundle::new(&[ciphersuite], &credential_bundle, &backend, vec![])
.expect("Error creating key package bundle.");
See KeyPackageBundle
for more details and other ways to create key
package bundles.
Loading key packages
When getting key packages from another user the serialized bytes are parsed as follows;
use openmls::prelude::*;
use openmls::test_utils::hex_to_bytes;
use openmls_rust_crypto::OpenMlsRustCrypto;
let key_package_bytes = hex_to_bytes(
"0100010020687A9693D4FADC951B999E6EDD80B80F11747DE30620C75ED0A5F41E32\
CB064C00010008000000000000000208070020AEF756C7D75DE1BEACA7D2DD17FA7A\
C36F56B9BA1F7DF019BCB49A4138CEBCCB000000360002000000100000000061A0B6\
2D000000006B086B9D00010000001A0201C8020001060001000200030C0001000200\
030004000500080040961F9EC3D3F1BFCE673FEF39AB8BE6A8FF4D0BA40B3AA8A0DC\
50CDE22482DC30A594EDDEC398F0966C3AFD67135007A6875F9873F4B521DF28827F\
6A4EFF1704");
let key_package = KeyPackage::try_from(key_package_bytes.as_slice());
See KeyPackage
for more details on how to use key packages.
Modules
Key Package errors
Structs
The key package struct.
A KeyPackageBundle
contains a KeyPackage
, the corresponding private
key, and a leaf secret.