vault update: multiple keys

bitmaelum / bitmaelum-suite

BitMaelum software suite

https://bitmaelum.com

MIT License

61 stars 5 forks source link

vault update: multiple keys #143

Closed jaytaph closed 3 years ago

jaytaph commented 3 years ago

We should be able to "rotate" keys by creating a new key and advertising it to the resolver. However, we must keep the old keys since these are used for encrypting older messages.

Our vault accounts should have an array of keys. In order to decrypt we can either:

try each key until one succeeds.
add the public fingerprint to the message, and find the key that matches the fingerprint.

jaytaph commented 3 years ago

vault has been updated with multi-keys

jaytaph commented 3 years ago

if the "fingerprint" is present in the header, we have used that public key. If it's not present, we must iterate all keys to find the correct key