Binds a temporary authorization key temp_auth_key_id
to the permanent authorization key perm_auth_key_id
. Each permanent key may only be bound to one temporary key at a time, binding a new temporary key overwrites the previous one.
For more information, see Perfect Forward Secrecy.
boolFalse#bc799737 = Bool;
boolTrue#997275b5 = Bool;
---functions---
auth.bindTempAuthKey#cdd42a05 perm_auth_key_id:long nonce:long expires_at:int encrypted_message:bytes = Bool;
Name | Type | Description |
---|---|---|
perm_auth_key_id | long | Permanent auth_key_id to bind to |
nonce | long | Random long from Binding message contents |
expires_at | int | Unix timestamp to invalidate temporary key, see Binding message contents |
encrypted_message | bytes | See Generating encrypted_message |
Code | Type | Description |
---|---|---|
400 | ENCRYPTED_MESSAGE_INVALID | Encrypted message is incorrect. |
400 | TEMP_AUTH_KEY_ALREADY_BOUND | The passed temporary key is already bound to another perm_auth_key_id. |
400 | TEMP_AUTH_KEY_EMPTY | The request was not performed with a temporary authorization key. |
The client begins by creating a special binding message:
bind_auth_key_inner#75a3f765 nonce:long temp_auth_key_id:long perm_auth_key_id:long temp_session_id:long expires_at:int = BindAuthKeyInner;
nonce | long | Random long |
temp_auth_key_id | long | Temporary auth_key_id |
perm_auth_key_id | long | Permanent auth_key_id to bind to |
temp_session_id | long | Session id, which will be used to invoke auth.bindTempAuthKey method |
expires_at | int | Unix timestamp to invalidate temporary key |
This binding message is encrypted in the usual way, but with MTProto v1 using the perm_auth_key
. In other words, one has to prepend random:int128
(it replaces the customary session_id:long
and salt:long
that are irrelevant in this case), then append the same msg_id
that will be used for the request, a seqno
equal to zero, and the correct msg_len
(40 bytes in this case); after that, one computes the msg_key:int128
as SHA1 of the resulting string, appends padding necessary for a 16-byte alignment, encrypts the resulting string using the key derived from perm_auth_key
and msg_key
, and prepends perm_auth_key_id
and msg_key
to the encrypted data as usual.
Once encrypted_message is ready, an auth.bindTempAuthKey request is sent to the server using temp_auth_key
and temp_session_id
. Don't forget to rewrite client info using initConnection when the binding is completed.
Binding temporary authorization key to permanent ones.
A basic bare type, elements of which correspond to two-element sequences, representing 64-bit signed numbers (little-endian).
A basic bare type, the values of which correspond to single-element sequences, i.e. numbers from -2^31 to 2^31-1 which in this case represent themselves.
Additional options for calling methods.
Initialize connection