Allow specifying old signing keys with the public key and key ID only (#2770)
If the private key file is lost, it's often possible to retrieve the public key from another server elsewhere, so we should make it possible to configure it in that way.
parent
ec5d1d681d
commit
d605d928bc
5 changed files with 50 additions and 21 deletions
|
|
@ -18,12 +18,17 @@ global:
|
|||
private_key: matrix_key.pem
|
||||
|
||||
# The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
|
||||
# to old signing private keys that were formerly in use on this domain. These
|
||||
# to old signing keys that were formerly in use on this domain name. These
|
||||
# keys will not be used for federation request or event signing, but will be
|
||||
# provided to any other homeserver that asks when trying to verify old events.
|
||||
old_private_keys:
|
||||
# If the old private key file is available:
|
||||
# - private_key: old_matrix_key.pem
|
||||
# expired_at: 1601024554498
|
||||
# If only the public key (in base64 format) and key ID are known:
|
||||
# - public_key: mn59Kxfdq9VziYHSBzI7+EDPDcBS2Xl7jeUdiiQcOnM=
|
||||
# key_id: ed25519:mykeyid
|
||||
# expired_at: 1601024554498
|
||||
|
||||
# How long a remote server can cache our server signing key before requesting it
|
||||
# again. Increasing this number will reduce the number of requests made by other
|
||||
|
|
|
|||
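Review bot: The new comment "If only the public key (in base64 format) and key ID are known" does not say which base64 form is expected, while the sample `public_key` value ends in `=` padding. Matrix key responses carry unpadded base64, so the comment should state whether padded, unpadded, or both are accepted; otherwise an operator copying a key from another server's response may not know whether to add padding. Two further documentation gaps in the same block: the list is still named `old_private_keys` although an entry may now hold no private key at all, so a short remark that the name is kept for compatibility would avoid confusion; and the comment should say whether `key_id` is required only for the `public_key` form and what happens if an entry sets both `private_key` and `public_key`.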