mirror of
https://github.com/1f349/dendrite.git
synced 2024-11-13 23:31:34 +00:00
Document dendrite server key format (#1520)
Co-authored-by: Kegsay <kegan@matrix.org>
parent
f32320a235
commit
b66b2eab32
@ -129,6 +129,10 @@ for federation and the server signing key:
|
|||||||
./bin/generate-keys --private-key matrix_key.pem --tls-cert server.crt --tls-key server.key
|
./bin/generate-keys --private-key matrix_key.pem --tls-cert server.crt --tls-key server.key
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you have server keys from an older synapse instance,
|
||||||
|
[convert them](serverkeyformat.md#converting-synapse-keys) to Dendrite's PEM
|
||||||
|
format and configure them as `old_private_keys` in your config.
|
||||||
|
|
||||||
### Configuration file
|
### Configuration file
|
||||||
|
|
||||||
Create config file, based on `dendrite-config.yaml`. Call it `dendrite.yaml`. Things that will need editing include *at least*:
|
Create config file, based on `dendrite-config.yaml`. Call it `dendrite.yaml`. Things that will need editing include *at least*:
|
||||||
|
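Review bot: The added paragraph before "### Configuration file" tells readers to configure converted keys as `old_private_keys` but does not say where in `dendrite.yaml` that entry goes or what it looks like. Suggest adding a short pointer to the corresponding entry in `dendrite-config.yaml`, and capitalising "Synapse" so it matches the "Converting Synapse Keys" heading the link targets.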
29
docs/serverkeyformat.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# Server Key Format
|
||||||
|
|
||||||
|
Dendrite stores the server signing key in the PEM format with the following structure.
|
||||||
|
|
||||||
|
```
|
||||||
|
-----BEGIN MATRIX PRIVATE KEY-----
|
||||||
|
Key-ID: ed25519:<Key Handle>
|
||||||
|
|
||||||
|
<Base64 Encoded Key Data>
|
||||||
|
-----END MATRIX PRIVATE KEY-----
|
||||||
|
```
|
||||||
|
|
||||||
|
## Converting Synapse Keys
|
||||||
|
|
||||||
|
If you have signing keys from a previous synapse server, you should ideally configure them as `old_private_keys` in your Dendrite config file. Synapse stores signing keys in the following format.
|
||||||
|
|
||||||
|
```
|
||||||
|
ed25519 <Key Handle> <Base64 Encoded Key Data>
|
||||||
|
```
|
||||||
|
|
||||||
|
To convert this key to Dendrite's PEM format, use the following template. **It is important to include the equals sign, as the key data needs to be padded to 32 bytes.**
|
||||||
|
|
||||||
|
```
|
||||||
|
-----BEGIN MATRIX PRIVATE KEY-----
|
||||||
|
Key-ID: ed25519:<Key Handle>
|
||||||
|
|
||||||
|
<Base64 Encoded Key Data>=
|
||||||
|
-----END MATRIX PRIVATE KEY-----
|
||||||
|
```
|
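Review bot: The bold sentence under "Converting Synapse Keys" explains the trailing `=` as padding the key data "to 32 bytes", which is misleading: `=` is base64 padding that brings the encoded text up to a multiple of four characters, and it does not change the length of the decoded key. Suggest rewording it to say that the Synapse value has to be given base64 padding before it goes in the PEM body, as the template implies. The first template under "Server Key Format" should also be made consistent, since it shows `<Base64 Encoded Key Data>` with no `=` while the conversion template shows `<Base64 Encoded Key Data>=`. As this file documents how to store a private signing key, a sentence on keeping the resulting PEM file readable only by the Dendrite user would also fit here.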