CryptoApi
Defined in: src/crypto-api/index.ts:78
Public interface to the cryptography parts of the js-sdk
Properties
Section titled “Properties”globalBlacklistUnverifiedDevices
Section titled “globalBlacklistUnverifiedDevices”globalBlacklistUnverifiedDevices:
boolean
Defined in: src/crypto-api/index.ts:86
Global override for whether the client should ever send encrypted messages to unverified devices. This provides the default for rooms which do not specify a value.
If true, all unverified devices will be blacklisted by default
Methods
Section titled “Methods”bootstrapCrossSigning()
Section titled “bootstrapCrossSigning()”bootstrapCrossSigning(
opts):Promise<void>
Defined in: src/crypto-api/index.ts:366
Bootstrap cross-signing by creating keys if needed.
If everything is already set up, then no changes are made, so this is safe to run to ensure cross-signing is ready for use.
This function:
- creates new cross-signing keys if they are not found locally cached nor in secret storage (if it has been set up)
- publishes the public keys to the server if they are not already published
- stores the private keys in secret storage if secret storage is set up.
Parameters
Section titled “Parameters”options object
Returns
Section titled “Returns”Promise<void>
bootstrapSecretStorage()
Section titled “bootstrapSecretStorage()”bootstrapSecretStorage(
opts):Promise<void>
Defined in: src/crypto-api/index.ts:406
Bootstrap secret storage.
- If secret storage is not already set up, or CreateSecretStorageOpts.setupNewSecretStorage is set:
- Calls CreateSecretStorageOpts.createSecretStorageKey to generate a new key.
- Stores the metadata of the new key in account data and sets it as the default secret storage key.
- Calls CryptoCallbacks.cacheSecretStorageKey if provided.
- Stores the private cross signing keys in the secret storage if they are known, and they are not already stored in secret storage.
- If CreateSecretStorageOpts.setupNewKeyBackup is set, calls CryptoApi.resetKeyBackup; otherwise, stores the key backup decryption key in secret storage if it is known, and it is not already stored in secret storage.
Note that there may be multiple accesses to secret storage during the course of this call, each of which will result in a call to CryptoCallbacks.getSecretStorageKey.
Parameters
Section titled “Parameters”Options object.
Returns
Section titled “Returns”Promise<void>
checkKeyBackupAndEnable()
Section titled “checkKeyBackupAndEnable()”checkKeyBackupAndEnable():
Promise<KeyBackupCheck|null>
Defined in: src/crypto-api/index.ts:620
Force a re-check of the key backup and enable/disable it as appropriate.
Fetches the current backup information from the server. If there is a backup, and it is trusted, starts backing up to it; otherwise, disables backups.
Returns
Section titled “Returns”Promise<KeyBackupCheck | null>
null if there is no backup on the server. Otherwise, data on the backup as returned by the server,
and trust information (as returned by isKeyBackupTrusted).
createRecoveryKeyFromPassphrase()
Section titled “createRecoveryKeyFromPassphrase()”createRecoveryKeyFromPassphrase(
password?):Promise<GeneratedSecretStorageKey>
Defined in: src/crypto-api/index.ts:430
Create a recovery key (ie, a key suitable for use with server-side secret storage).
The key can either be based on a user-supplied passphrase, or just created randomly.
Parameters
Section titled “Parameters”password?
Section titled “password?”string
Optional passphrase string to use to derive the key, which can later be entered by the user as an alternative to entering the recovery key itself. If omitted, a key is generated randomly.
Returns
Section titled “Returns”Promise<GeneratedSecretStorageKey>
Object including recovery key and server upload parameters. The private key should be disposed of after displaying to the use.
crossSignDevice()
Section titled “crossSignDevice()”crossSignDevice(
deviceId):Promise<void>
Defined in: src/crypto-api/index.ts:318
Cross-sign one of our own devices.
This will create a signature for the device using our self-signing key, and publish that signature. Cross-signing a device indicates, to our other devices and to other users, that we have verified that it really belongs to us.
Requires that cross-signing has been set up on this device (normally by calling bootstrapCrossSigning).
Note: Do not call this unless you have verified, somehow, that the device is genuine!
Parameters
Section titled “Parameters”deviceId
Section titled “deviceId”string
ID of the device to be signed.
Returns
Section titled “Returns”Promise<void>
deleteKeyBackupVersion()
Section titled “deleteKeyBackupVersion()”deleteKeyBackupVersion(
version):Promise<void>
Defined in: src/crypto-api/index.ts:648
Deletes the given key backup.
Parameters
Section titled “Parameters”version
Section titled “version”string
The backup version to delete.
Returns
Section titled “Returns”Promise<void>
disableKeyStorage()
Section titled “disableKeyStorage()”disableKeyStorage():
Promise<void>
Defined in: src/crypto-api/index.ts:641
Disables server-side key storage and deletes server-side backups.
- Deletes the current key backup version, if any (but not any previous versions).
- Disables 4S, deleting the info for the default key, the default key pointer itself and any known 4S data (cross-signing keys and the megolm key backup key).
- Deletes any dehydrated devices.
Returns
Section titled “Returns”Promise<void>
encryptToDeviceMessages()
Section titled “encryptToDeviceMessages()”encryptToDeviceMessages(
eventType,devices,payload):Promise<ToDeviceBatch>
Defined in: src/crypto-api/index.ts:452
Encrypts a given payload object via Olm to-device messages to a given set of devices.
Parameters
Section titled “Parameters”eventType
Section titled “eventType”string
the type of the event to send.
devices
Section titled “devices”object[]
an array of devices to encrypt the payload for.
payload
Section titled “payload”ToDevicePayload
the payload to encrypt.
Returns
Section titled “Returns”Promise<ToDeviceBatch>
the batch of encrypted payloads which can then be sent via client.DigitalWorldClient#queueToDevice.
exportRoomKeys()
Section titled “exportRoomKeys()”exportRoomKeys():
Promise<IMegolmSessionData[]>
Defined in: src/crypto-api/index.ts:153
Get a list containing all of the room keys
This should be encrypted before returning it to the user.
Returns
Section titled “Returns”Promise<IMegolmSessionData[]>
a promise which resolves to a list of session export objects
exportRoomKeysAsJson()
Section titled “exportRoomKeysAsJson()”exportRoomKeysAsJson():
Promise<string>
Defined in: src/crypto-api/index.ts:164
Get a JSON list containing all of the room keys
This should be encrypted before returning it to the user.
Returns
Section titled “Returns”Promise<string>
a promise which resolves to a JSON string encoding a list of session export objects, each of which is an IMegolmSessionData
exportSecretsBundle()?
Section titled “exportSecretsBundle()?”
optionalexportSecretsBundle():Promise<{backup?: {algorithm:string;backup_version:string;key:string; };cross_signing: {master_key:string;self_signing_key:string;user_signing_key:string; }; }>
Defined in: src/crypto-api/index.ts:726
Export secrets bundle for transmitting to another device as part of OAuth2 QR login
Returns
Section titled “Returns”Promise<{ backup?: { algorithm: string; backup_version: string; key: string; }; cross_signing: { master_key: string; self_signing_key: string; user_signing_key: string; }; }>
findVerificationRequestDMInProgress()
Section titled “findVerificationRequestDMInProgress()”findVerificationRequestDMInProgress(
roomId,userId?):VerificationRequest|undefined
Defined in: src/crypto-api/index.ts:500
Finds a DM verification request that is already in progress for the given room and user.
Parameters
Section titled “Parameters”roomId
Section titled “roomId”string
the room to use for verification.
userId?
Section titled “userId?”string
search for a verification request for the given user.
Returns
Section titled “Returns”VerificationRequest | undefined
the VerificationRequest that is in progress, if any.
forceDiscardSession()
Section titled “forceDiscardSession()”forceDiscardSession(
roomId):Promise<void>
Defined in: src/crypto-api/index.ts:143
Discard any existing megolm session for the given room.
This will ensure that a new session is created on the next call to prepareToEncrypt, or the next time a message is sent.
This should not normally be necessary: it should only be used as a debugging tool if there has been a problem with encryption.
Parameters
Section titled “Parameters”roomId
Section titled “roomId”string
the room to discard sessions for
Returns
Section titled “Returns”Promise<void>
getActiveSessionBackupVersion()
Section titled “getActiveSessionBackupVersion()”getActiveSessionBackupVersion():
Promise<string|null>
Defined in: src/crypto-api/index.ts:590
Get the current status of key backup.
Returns
Section titled “Returns”Promise<string | null>
If automatic key backups are enabled, the version of the active backup. Otherwise, null.
getCrossSigningKeyId()
Section titled “getCrossSigningKeyId()”getCrossSigningKeyId(
type?):Promise<string|null>
Defined in: src/crypto-api/index.ts:350
Get the ID of one of the user’s cross-signing keys, if both private and matching public parts of that key are available (ie. cached in the local crypto store).
The public part may not be available if a /keys/query request has not yet been
performed, or if the device that created the keys failed to publish them.
If either part of the keypair is not available, this will return null.
Parameters
Section titled “Parameters”The type of key to get the ID of. One of CrossSigningKey.Master, CrossSigningKey.SelfSigning,
or CrossSigningKey.UserSigning. Defaults to CrossSigningKey.Master.
Returns
Section titled “Returns”Promise<string | null>
If cross-signing has been initialised on this device, the ID of the given key. Otherwise, null
getCrossSigningStatus()
Section titled “getCrossSigningStatus()”getCrossSigningStatus():
Promise<CrossSigningStatus>
Defined in: src/crypto-api/index.ts:416
Get the status of our cross-signing keys.
Returns
Section titled “Returns”Promise<CrossSigningStatus>
The current status of cross-signing keys: whether we have public and private keys cached locally, and whether the private keys are in secret storage.
Throws
Section titled “Throws”May throw client.ClientStoppedError if the DigitalWorldClient is stopped before or during the call.
getDeviceVerificationStatus()
Section titled “getDeviceVerificationStatus()”getDeviceVerificationStatus(
userId,deviceId):Promise<DeviceVerificationStatus|null>
Defined in: src/crypto-api/index.ts:289
Get the verification status of a given device.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
The ID of the user whose device is to be checked.
deviceId
Section titled “deviceId”string
The ID of the device to check
Returns
Section titled “Returns”Promise<DeviceVerificationStatus | null>
null if the device is unknown, or has not published any encryption keys (implying it does not support
encryption); otherwise the verification status of the device.
getEncryptionInfoForEvent()
Section titled “getEncryptionInfoForEvent()”getEncryptionInfoForEvent(
event):Promise<EventEncryptionInfo|null>
Defined in: src/crypto-api/index.ts:440
Get information about the encryption of the given event.
Parameters
Section titled “Parameters”the event to get information for
Returns
Section titled “Returns”Promise<EventEncryptionInfo | null>
null if the event is not encrypted, or has not (yet) been successfully decrypted. Otherwise, an
object with information about the encryption of the event.
getKeyBackupInfo()
Section titled “getKeyBackupInfo()”getKeyBackupInfo():
Promise<KeyBackupInfo|null>
Defined in: src/crypto-api/index.ts:609
Return the details of the latest backup on the server, when we last checked.
This normally returns a cached value, but if we haven’t yet made a request to the server, it will fire one off. It will always return the details of the active backup if key backup is enabled.
Return null if there is no backup.
Returns
Section titled “Returns”Promise<KeyBackupInfo | null>
the key backup information
getOwnDeviceKeys()
Section titled “getOwnDeviceKeys()”getOwnDeviceKeys():
Promise<OwnDeviceKeys>
Defined in: src/crypto-api/index.ts:105
Get the public part of the device keys for the current device.
Returns
Section titled “Returns”Promise<OwnDeviceKeys>
The public device keys.
getSecretStorageStatus()
Section titled “getSecretStorageStatus()”getSecretStorageStatus():
Promise<SecretStorageStatus>
Defined in: src/crypto-api/index.ts:386
Inspect the status of secret storage, in more detail than isSecretStorageReady.
Returns
Section titled “Returns”Promise<SecretStorageStatus>
getSessionBackupPrivateKey()
Section titled “getSessionBackupPrivateKey()”getSessionBackupPrivateKey():
Promise<Uint8Array<ArrayBufferLike> |null>
Defined in: src/crypto-api/index.ts:557
Fetch the backup decryption key we have saved in our store.
This can be used for gossiping the key to other devices.
Returns
Section titled “Returns”Promise<Uint8Array<ArrayBufferLike> | null>
the key, if any, or null
getTrustCrossSignedDevices()
Section titled “getTrustCrossSignedDevices()”getTrustCrossSignedDevices():
boolean
Defined in: src/crypto-api/index.ts:243
Return whether we trust other user’s signatures of their devices.
Returns
Section titled “Returns”boolean
true if we trust cross-signed devices, otherwise false.
CryptoApi.setTrustCrossSignedDevices
getUserCrossSigningKeys()
Section titled “getUserCrossSigningKeys()”getUserCrossSigningKeys(
userId):Promise<Partial<CrossSigningKeys> |null>
Defined in: src/crypto-api/index.ts:278
Get the given user’s public cross-signing keys, if they have published any, and we have fetched them to our store.
Normally this is only useful to applications as debug info, since the SDK handles keeping track of a user’s identity, and whether their devices are verified.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
Returns
Section titled “Returns”Promise<Partial<CrossSigningKeys> | null>
getUserDeviceInfo()
Section titled “getUserDeviceInfo()”getUserDeviceInfo(
userIds,downloadUncached?):Promise<DeviceMap>
Defined in: src/crypto-api/index.ts:222
Get the device information for the given list of users.
For any users whose device lists are cached (due to sharing an encrypted room with the user), the cached device data is returned, unless it is stale.
If there are users with stale cached entries, wait (with some timeout) for any in-progress
/keys/query request to complete.
If there are uncached users, and the downloadUncached parameter is set to true,
a /keys/query request is made to the server to retrieve these devices.
Parameters
Section titled “Parameters”userIds
Section titled “userIds”string[]
The users to fetch.
downloadUncached?
Section titled “downloadUncached?”boolean
If true, download the device list for users whose device list we are not currently tracking. Defaults to false, in which case such users will not appear at all in the result map.
Returns
Section titled “Returns”Promise<DeviceMap>
A map {@link DeviceMap}.
getUserVerificationStatus()
Section titled “getUserVerificationStatus()”getUserVerificationStatus(
userId):Promise<UserVerificationStatus>
Defined in: src/crypto-api/index.ts:251
Get the verification status of a given user.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
The ID of the user to check.
Returns
Section titled “Returns”Promise<UserVerificationStatus>
getVerificationRequestsToDeviceInProgress()
Section titled “getVerificationRequestsToDeviceInProgress()”getVerificationRequestsToDeviceInProgress(
userId):VerificationRequest[]
Defined in: src/crypto-api/index.ts:490
Returns to-device verification requests that are already in progress for the given user id.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
the ID of the user to query
Returns
Section titled “Returns”the VerificationRequests that are in progress
getVersion()
Section titled “getVersion()”getVersion():
string
Defined in: src/crypto-api/index.ts:98
Return the current version of the crypto module.
For example: Rust SDK ${versions.matrix_sdk_crypto} (${versions.git_sha}), Vodozemac ${versions.vodozemac}.
Returns
Section titled “Returns”string
the formatted version
importRoomKeys()
Section titled “importRoomKeys()”importRoomKeys(
keys,opts?):Promise<void>
Defined in: src/crypto-api/index.ts:173
Import a list of room keys previously exported by exportRoomKeys
Parameters
Section titled “Parameters”a list of session export objects
options object
Returns
Section titled “Returns”Promise<void>
a promise which resolves once the keys have been imported
importRoomKeysAsJson()
Section titled “importRoomKeysAsJson()”importRoomKeysAsJson(
keys,opts?):Promise<void>
Defined in: src/crypto-api/index.ts:184
Import a JSON string encoding a list of room keys previously exported by exportRoomKeysAsJson
Parameters
Section titled “Parameters”string
a JSON string encoding a list of session export objects, each of which is an IMegolmSessionData
options object
Returns
Section titled “Returns”Promise<void>
a promise which resolves once the keys have been imported
importSecretsBundle()?
Section titled “importSecretsBundle()?”
optionalimportSecretsBundle(secrets):Promise<void>
Defined in: src/crypto-api/index.ts:732
Import secrets bundle transmitted from another device.
Parameters
Section titled “Parameters”secrets
Section titled “secrets”The secrets bundle received from the other device
backup?
Section titled “backup?”{ algorithm: string; backup_version: string; key: string; }
backup.algorithm
Section titled “backup.algorithm”string
backup.backup_version
Section titled “backup.backup_version”string
backup.key
Section titled “backup.key”string
cross_signing
Section titled “cross_signing”{ master_key: string; self_signing_key: string; user_signing_key: string; }
cross_signing.master_key
Section titled “cross_signing.master_key”string
cross_signing.self_signing_key
Section titled “cross_signing.self_signing_key”string
cross_signing.user_signing_key
Section titled “cross_signing.user_signing_key”string
Returns
Section titled “Returns”Promise<void>
isCrossSigningReady()
Section titled “isCrossSigningReady()”isCrossSigningReady():
Promise<boolean>
Defined in: src/crypto-api/index.ts:334
Checks whether cross signing:
- is enabled on this account and trusted by this device
- has private keys either cached locally or stored in secret storage
If this function returns false, () can be used
to fix things such that it returns true. That is to say, after
bootstrapCrossSigning() completes successfully, this function should
return true.
Returns
Section titled “Returns”Promise<boolean>
True if cross-signing is ready to be used on this device
Throws
Section titled “Throws”May throw client.ClientStoppedError if the DigitalWorldClient is stopped before or during the call.
isDehydrationSupported()
Section titled “isDehydrationSupported()”isDehydrationSupported():
Promise<boolean>
Defined in: src/crypto-api/index.ts:693
Returns whether MSC3814 dehydrated devices are supported by the crypto backend and by the server.
This should be called before calling startDehydration, and if this
returns false, startDehydration should not be called.
Returns
Section titled “Returns”Promise<boolean>
isEncryptionEnabledInRoom()
Section titled “isEncryptionEnabledInRoom()”isEncryptionEnabledInRoom(
roomId):Promise<boolean>
Defined in: src/crypto-api/index.ts:117
Check if we believe the given room to be encrypted.
This method returns true if the room has been configured with encryption. The setting is persistent, so that even if the encryption event is removed from the room state, it still returns true. This helps to guard against a downgrade attack wherein a server admin attempts to remove encryption.
Parameters
Section titled “Parameters”roomId
Section titled “roomId”string
Returns
Section titled “Returns”Promise<boolean>
true if the room with the supplied ID is encrypted. false if the room is not encrypted, or is unknown to
us.
isKeyBackupTrusted()
Section titled “isKeyBackupTrusted()”isKeyBackupTrusted(
info):Promise<BackupTrustInfo>
Defined in: src/crypto-api/index.ts:597
Determine if a key backup can be trusted.
Parameters
Section titled “Parameters”key backup info dict from CryptoApi.getKeyBackupInfo.
Returns
Section titled “Returns”Promise<BackupTrustInfo>
isSecretStorageReady()
Section titled “isSecretStorageReady()”isSecretStorageReady():
Promise<boolean>
Defined in: src/crypto-api/index.ts:381
Checks whether secret storage:
- is enabled on this account
- is storing cross-signing private keys
- is storing session backup key (if enabled)
If this function returns false, () can be used
to fix things such that it returns true. That is to say, after
bootstrapSecretStorage() completes successfully, this function should
return true.
Returns
Section titled “Returns”Promise<boolean>
True if secret storage is ready to be used on this device
isStateEncryptionEnabledInRoom()
Section titled “isStateEncryptionEnabledInRoom()”isStateEncryptionEnabledInRoom(
roomId):Promise<boolean>
Defined in: src/crypto-api/index.ts:122
Check if we believe the given room supports encrypted state events.
Parameters
Section titled “Parameters”roomId
Section titled “roomId”string
Returns
Section titled “Returns”Promise<boolean>
loadSessionBackupPrivateKeyFromSecretStorage()
Section titled “loadSessionBackupPrivateKeyFromSecretStorage()”loadSessionBackupPrivateKeyFromSecretStorage():
Promise<void>
Defined in: src/crypto-api/index.ts:583
Attempt to fetch the backup decryption key from secret storage.
If the key is found in secret storage, checks it against the latest backup on the server; if they match, stores the key in the crypto store by calling storeSessionBackupPrivateKey, which enables automatic restore of individual keys when an Unable-to-decrypt error is encountered.
If the backup decryption key from secret storage does not match the latest backup on the server, we throw a DecryptionKeyDoesNotMatchError.
If we are unable to fetch the key from secret storage or there is no backup on the server, we throw an exception.
Returns
Section titled “Returns”Promise<void>
pinCurrentUserIdentity()
Section titled “pinCurrentUserIdentity()”pinCurrentUserIdentity(
userId):Promise<void>
Defined in: src/crypto-api/index.ts:261
“Pin” the current identity of the given user, accepting it as genuine.
This is useful if the user has changed identity since we first saw them (leading to UserVerificationStatus.needsUserApproval), and we are now accepting their new identity.
Throws an error if called on our own user ID, or on a user ID that we don’t have an identity for.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
Returns
Section titled “Returns”Promise<void>
prepareToEncrypt()
Section titled “prepareToEncrypt()”prepareToEncrypt(
room):void
Defined in: src/crypto-api/index.ts:130
Perform any background tasks that can be done before a message is ready to send, in order to speed up sending of the message.
Parameters
Section titled “Parameters”the room the event is in
Returns
Section titled “Returns”void
requestDeviceVerification()
Section titled “requestDeviceVerification()”requestDeviceVerification(
userId,deviceId):Promise<VerificationRequest>
Defined in: src/crypto-api/index.ts:542
Request an interactive verification with the given device.
This is normally used on one of our own devices, when the current device is already cross-signed, and we want to validate another device.
If a verification for this user/device is already in flight, returns it. Otherwise, initiates a new one.
To control the methods offered, set client.ICreateClientOpts.verificationMethods when creating the
DigitalWorldClient.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
ID of the owner of the device to verify
deviceId
Section titled “deviceId”string
ID of the device to verify
Returns
Section titled “Returns”Promise<VerificationRequest>
a VerificationRequest when the request has been sent to the other party.
requestOwnUserVerification()
Section titled “requestOwnUserVerification()”requestOwnUserVerification():
Promise<VerificationRequest>
Defined in: src/crypto-api/index.ts:524
Send a verification request to our other devices.
This is normally used when the current device is new, and we want to ask another of our devices to cross-sign.
If an all-devices verification is already in flight, returns it. Otherwise, initiates a new one.
To control the methods offered, set client.ICreateClientOpts.verificationMethods when creating the
DigitalWorldClient.
Returns
Section titled “Returns”Promise<VerificationRequest>
a VerificationRequest when the request has been sent to the other party.
requestVerificationDM()
Section titled “requestVerificationDM()”requestVerificationDM(
userId,roomId):Promise<VerificationRequest>
Defined in: src/crypto-api/index.ts:510
Request a key verification from another user, using a DM.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
the user to request verification with.
roomId
Section titled “roomId”string
the room to use for verification.
Returns
Section titled “Returns”Promise<VerificationRequest>
resolves to a VerificationRequest when the request has been sent to the other party.
resetEncryption()
Section titled “resetEncryption()”resetEncryption(
authUploadDeviceSigningKeys):Promise<void>
Defined in: src/crypto-api/index.ts:475
Reset the encryption of the user by going through the following steps:
- Remove the dehydrated device and stop the periodic creation of dehydrated devices.
- Disable backing up room keys and delete any existing backups.
- Remove the default secret storage key from the account data (ie: the recovery key).
- Reset the cross-signing keys.
- Create a new key backup.
Note that the dehydrated device will be removed, but will not be replaced and it will not schedule creating new dehydrated devices. To do this, startDehydration should be called after a new secret storage key is created.
Parameters
Section titled “Parameters”authUploadDeviceSigningKeys
Section titled “authUploadDeviceSigningKeys”UIAuthCallback<void>
Callback to authenticate the upload of device signing keys. Used when resetting the cross signing keys. See BootstrapCrossSigningOpts#authUploadDeviceSigningKeys.
Returns
Section titled “Returns”Promise<void>
resetKeyBackup()
Section titled “resetKeyBackup()”resetKeyBackup():
Promise<void>
Defined in: src/crypto-api/index.ts:632
Creates a new key backup version.
If there are existing backups they will be replaced.
If secret storage is set up, the new decryption key will be saved (the CryptoCallbacks.getSecretStorageKey callback will be called to obtain the secret storage key).
The backup engine will be started using the new backup version (i.e., checkKeyBackupAndEnable is called).
Returns
Section titled “Returns”Promise<void>
restoreKeyBackup()
Section titled “restoreKeyBackup()”restoreKeyBackup(
opts?):Promise<KeyBackupRestoreResult>
Defined in: src/crypto-api/index.ts:667
Download and restore the full key backup from the hub.
Before calling this method, a decryption key, and the backup version to restore, must have been saved in the crypto store. This happens in one of the following ways:
- When a new backup version is created with CryptoApi.resetKeyBackup, a new key is created and cached.
- The key can be loaded from secret storage with CryptoApi.loadSessionBackupPrivateKeyFromSecretStorage.
- The key can be received from another device via secret sharing, typically as part of the interactive verification flow.
- The key and backup version can also be set explicitly via CryptoApi.storeSessionBackupPrivateKey, though this is not expected to be a common operation.
Warning: the full key backup may be quite large, so this operation may take several hours to complete. Use of KeyBackupRestoreOpts.progressCallback is recommended.
Parameters
Section titled “Parameters”Returns
Section titled “Returns”Promise<KeyBackupRestoreResult>
restoreKeyBackupWithPassphrase()
Section titled “restoreKeyBackupWithPassphrase()”restoreKeyBackupWithPassphrase(
passphrase,opts?):Promise<KeyBackupRestoreResult>
Defined in: src/crypto-api/index.ts:678
Restores a key backup using a passphrase. The decoded key (derived from the passphrase) is stored locally by calling CryptoApi#storeSessionBackupPrivateKey.
Parameters
Section titled “Parameters”passphrase
Section titled “passphrase”string
The passphrase to use to restore the key backup.
Returns
Section titled “Returns”Promise<KeyBackupRestoreResult>
setDeviceIsolationMode()
Section titled “setDeviceIsolationMode()”setDeviceIsolationMode(
isolationMode):void
Defined in: src/crypto-api/index.ts:91
The DeviceIsolationMode mode to use.
Parameters
Section titled “Parameters”isolationMode
Section titled “isolationMode”Returns
Section titled “Returns”void
setDeviceVerified()
Section titled “setDeviceVerified()”setDeviceVerified(
userId,deviceId,verified?):Promise<void>
Defined in: src/crypto-api/index.ts:303
Mark the given device as locally verified.
Marking a device as locally verified has much the same effect as completing the verification dance, or receiving a cross-signing signature for it.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
owner of the device
deviceId
Section titled “deviceId”string
unique identifier for the device.
verified?
Section titled “verified?”boolean
whether to mark the device as verified. Defaults to ‘true’.
Returns
Section titled “Returns”Promise<void>
Throws
Section titled “Throws”an error if the device is unknown, or has not published any encryption keys.
setTrustCrossSignedDevices()
Section titled “setTrustCrossSignedDevices()”setTrustCrossSignedDevices(
val):void
Defined in: src/crypto-api/index.ts:234
Set whether to trust other user’s signatures of their devices.
If false, devices will only be considered ‘verified’ if we have verified that device individually (effectively disabling cross-signing).
true by default.
Parameters
Section titled “Parameters”boolean
the new value
Returns
Section titled “Returns”void
startDehydration()
Section titled “startDehydration()”startDehydration(
opts?):Promise<void>
Defined in: src/crypto-api/index.ts:715
Start using device dehydration.
- Rehydrates a dehydrated device, if one is available and
opts.rehydrateistrue. - Creates a new dehydration key, if necessary, and stores it in Secret
Storage.
- If
opts.createNewKeyis set to true, always creates a new key. - If a dehydration key is not available, creates a new one.
- If
- Creates a new dehydrated device, and schedules periodically creating new dehydrated devices.
This function must not be called unless isDehydrationSupported returns
true, and must not be called until after cross-signing and secret
storage have been set up.
Parameters
Section titled “Parameters”boolean | StartDehydrationOpts
options for device dehydration. For backwards compatibility
with old code, a boolean can be given here, which will be treated as
the createNewKey option. However, this is deprecated.
Returns
Section titled “Returns”Promise<void>
storeSessionBackupPrivateKey()
Section titled “storeSessionBackupPrivateKey()”storeSessionBackupPrivateKey(
key,version):Promise<void>
Defined in: src/crypto-api/index.ts:568
Store the backup decryption key.
This should be called if the client has received the key from another device via secret sharing (gossiping). It is the responsability of the caller to check that the decryption key is valid for the given backup version.
Parameters
Section titled “Parameters”Uint8Array
the backup decryption key
version
Section titled “version”string
the backup version corresponding to this decryption key
Returns
Section titled “Returns”Promise<void>
userHasCrossSigningKeys()
Section titled “userHasCrossSigningKeys()”userHasCrossSigningKeys(
userId?,downloadUncached?):Promise<boolean>
Defined in: src/crypto-api/index.ts:202
Check if the given user has published cross-signing keys.
- If the user is this user, a
/keys/queryrequest is made to update locally the cross signing keys. - If the user is tracked, any current
/keys/queryrequests are awaited (with a timeout) and then the locally cached information is used. - If the user is not tracked locally and downloadUncached is set to true,
a
/keys/queryrequest is made to the server to retrieve the cross signing keys. - Otherwise, return false
Parameters
Section titled “Parameters”userId?
Section titled “userId?”string
the user ID to check. Defaults to the local user.
downloadUncached?
Section titled “downloadUncached?”boolean
If true, download the device list for users whose device list we are not
currently tracking. Defaults to false, in which case false will be returned for such users.
Returns
Section titled “Returns”Promise<boolean>
true if the cross signing keys are available.
withdrawVerificationRequirement()
Section titled “withdrawVerificationRequirement()”withdrawVerificationRequirement(
userId):Promise<void>
Defined in: src/crypto-api/index.ts:269
Remove the requirement for this identity to be verified, and pin it.
This is useful if the user was previously verified but is not anymore (UserVerificationStatus.wasCrossSigningVerified) and it is not possible to verify him again now.
Parameters
Section titled “Parameters”userId
Section titled “userId”string
Returns
Section titled “Returns”Promise<void>