Allow configuring old verify keys (#1443)

* Allow configuring old verify keys * Update sample config * Update sample config * Fix config population * Key ID formatting validity of old_verify_keys * Update comment
2025-07-29 12:42:46 +00:00 · 2020-09-25 10:58:53 +01:00 · 2020-09-25 10:58:53 +01:00 · 145db37d89
commit 145db37d89
parent 6fbf89a166
5 changed files with 62 additions and 6 deletions
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@ -38,6 +38,14 @@ global:
  # The path to the signing private key file, used to sign requests and events.
  private_key: matrix_key.pem

+  # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
+  # to old signing private keys that were formerly in use on this domain. These
+  # keys will not be used for federation request or event signing, but will be
+  # provided to any other homeserver that asks when trying to verify old events.
+  # old_private_keys:
+  # - private_key: old_matrix_key.pem
+  #   expired_at: 1601024554498
+
  # How long a remote server can cache our server signing key before requesting it
  # again. Increasing this number will reduce the number of requests made by other
  # servers for our key but increases the period that a compromised key will be