jagerman
commented
1 year ago This should probably be done directly in the encrypt_message/decrypt_message interface. Might depend on #51 if we go with a protobuf wrapper.
Open jagerman opened 1 year ago
jagerman
commented
1 year ago This should probably be done directly in the encrypt_message/decrypt_message interface. Might depend on #51 if we go with a protobuf wrapper.
For group messages we need encrypted messages to decrypt to something (probably a new protobuf type?) that contains sender, signature, and content, where
contentis encodedContentprotobuf,senderis a Session ID, andsignatureis an XEd25519 signature*.(* sort of -- official XEd25519 has a reliance on a random value to make the signature, but since we have full ed keys we can make that EdDSA-style deterministic and do a negation, if necessary, so that we can always verify with the positive of the two possible X->Ed pubkeys).