Skip to main content

attachment_identity_basis

Function attachment_identity_basis 

Source
pub fn attachment_identity_basis(
    ox: Option<&str>,
    nonce: &str,
    url: &str,
) -> String
Expand description

Identity basis for a RECEIVED attachment: the sender’s ox (plaintext hash) when provided — it’s what enables honest cross-message dedup — else a digest of nonce+url. Never the raw nonce: senders can and do reuse nonces, which cross-bound DIFFERENT files to one identity (the “new image renders as an old one” class). The upload URL is unique per ciphertext, so the digest is collision-resistant even against nonce reuse. Nothing honest ever writes a file under the digest name, so existence of one is never proof of download — reuse decisions stay with the content-verified download path.