Allow configuring old verify keys (#1443)

* Allow configuring old verify keys * Update sample config * Update sample config * Fix config population * Key ID formatting validity of old_verify_keys * Update comment
2025-08-02 22:22:46 +00:00 · 2020-09-25 10:58:53 +01:00 · 2020-09-25 10:58:53 +01:00 · 145db37d89
commit 145db37d89
parent 6fbf89a166
5 changed files with 62 additions and 6 deletions
--- a/internal/config/config_global.go
+++ b/internal/config/config_global.go
@ -22,6 +22,11 @@ type Global struct {
 	// prefix "ed25519:".
 	KeyID gomatrixserverlib.KeyID `yaml:"-"`

+	// Information about old private keys that used to be used to sign requests and
+	// events on this domain. They will not be used but will be advertised to other
+	// servers that ask for them to help verify old events.
+	OldVerifyKeys []OldVerifyKeys `yaml:"old_private_keys"`
+
 	// How long a remote server can cache our server key for before requesting it again.
 	// Increasing this number will reduce the number of requests made by remote servers
 	// for our key, but increases the period a compromised key will be considered valid
@ -60,6 +65,21 @@ func (c *Global) Verify(configErrs *ConfigErrors, isMonolith bool) {
 	c.Metrics.Verify(configErrs, isMonolith)
 }

+type OldVerifyKeys struct {
+	// Path to the private key.
+	PrivateKeyPath Path `yaml:"private_key"`
+
+	// The private key itself.
+	PrivateKey ed25519.PrivateKey `yaml:"-"`
+
+	// The key ID of the private key.
+	KeyID gomatrixserverlib.KeyID `yaml:"-"`
+
+	// When the private key was designed as "expired", as a UNIX timestamp
+	// in millisecond precision.
+	ExpiredAt gomatrixserverlib.Timestamp `yaml:"expired_at"`
+}
+
 // The configuration to use for Prometheus metrics
 type Metrics struct {
 	// Whether or not the metrics are enabled