OpenSource/telegram-crawler
OpenSource/telegram-crawler
1
0
Fork 0
mirror of https://github.com/MarshalX/telegram-crawler.git synced 2024-11-24 08:16:34 +01:00
Code Issues Projects Releases Packages Wiki Activity
telegram-crawler/data/web/blogfork.telegram.org/api/pfs.html
GitHub Action d0c19d16f3 Update content of files
2022-05-13 22:37:40 +00:00

141 lines
7.9 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html class="">
<head>
<meta charset="utf-8">
<title>Perfect Forward Secrecy</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta property="description" content="Binding temporary authorization key to permanent ones.">
<meta property="og:title" content="Perfect Forward Secrecy">
<meta property="og:image" content="a2b9f721d645a85533">
<meta property="og:description" content="Binding temporary authorization key to permanent ones.">
<link rel="icon" type="image/svg+xml" href="/img/website_icon.svg?4">
<link rel="apple-touch-icon" sizes="180x180" href="/img/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/img/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/img/favicon-16x16.png">
<link rel="alternate icon" href="/img/favicon.ico" type="image/x-icon" />
<link href="/css/bootstrap.min.css?3" rel="stylesheet">
<link href="/css/telegram.css?230" rel="stylesheet" media="screen">
<style>
</style>
</head>
<body class="preload">
<div class="dev_page_wrap">
<div class="dev_page_head navbar navbar-static-top navbar-tg">
<div class="navbar-inner">
<div class="container clearfix">
<ul class="nav navbar-nav navbar-right hidden-xs"><li class="navbar-twitter"><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)"><i class="icon icon-twitter"></i><span> Twitter</span></a></li></ul>
<ul class="nav navbar-nav">
<li><a href="//telegram.org/">Home</a></li>
<li class="hidden-xs"><a href="//telegram.org/faq">FAQ</a></li>
<li class="hidden-xs"><a href="//telegram.org/apps">Apps</a></li>
<li class="active"><a href="/api">API</a></li>
<li class=""><a href="/mtproto">Protocol</a></li>
<li class=""><a href="/schema">Schema</a></li>
</ul>
</div>
</div>
</div>
<div class="container clearfix">
<div class="dev_page">
<div id="dev_page_content_wrap" class=" ">
<div class="dev_page_bread_crumbs"><ul class="breadcrumb clearfix"><li><a href="/api" >API</a></li><i class="icon icon-breadcrumb-divider"></i><li><a href="/api/pfs" >Perfect Forward Secrecy</a></li></ul></div>
<h1 id="dev_page_title">Perfect Forward Secrecy</h1>
<div id="dev_page_content"><h5><a class="anchor" href="#related-articles" id="related-articles" name="related-articles"><i class="anchor-icon"></i></a>Related articles</h5>
<p><div class="dev_page_nav_wrap"></p>
<ul>
<li><a href="/api/end-to-end/pfs">Perfect Forward Secrecy in Secret Chats</a></li>
<li><a href="/mtproto/security_guidelines">Security guidelines for developers</a></li>
</ul>
<p></div></p>
<blockquote>
<p><em>This article is about Perfect Forward Secrecy in cloud chats, see also <a href="/api/end-to-end/pfs">PFS in Secret Chats</a>.</em></p>
</blockquote>
<hr>
<p>Telegram supports Perfect Forward Secrecy (PFS).</p>
<p>To make this possible, the client generates a permanent authorization key using <strong>p_q_inner_data</strong> and a temporary key using <strong>p_q_inner_data_temp</strong>. (See <a href="/mtproto/auth_key">Creating an Authorization Key</a> for more info.) These 2 operations may be done in parallel and even using the same connection. The client must save an <strong>expires_at</strong> unix timestamp <code>expires_at = time + expires_in</code>.</p>
<p><strong>Important</strong>: in order to achieve PFS, the client must <strong>never</strong> use the permanent auth_key_id directly. Every message that is sent to MTProto, must be encrypted by a <strong>temp_auth_key_id</strong>, that was bound to the <strong>perm_auth_key_id</strong>.</p>
<p>An unbound <strong>temp_auth_key_id</strong> may only be used with the following methods:</p>
<ul>
<li><a href="/method/auth.bindTempAuthKey">auth.bindTempAuthKey</a></li>
<li><a href="/method/help.getConfig">help.getConfig</a></li>
<li><a href="/method/help.getNearestDc">help.getNearestDc</a></li>
</ul>
<p>In order to bind a temporary authorization key to the permanent key the client creates a <a href="/method/auth.bindTempAuthKey#binding-message-contents">special binding message</a> and executes the <a href="/method/auth.bindTempAuthKey">auth.bindTempAuthKey</a> method using <strong>temp_auth_key</strong>. Once <strong>auth.bindTempAuthKey</strong> has been executed successfully, the client may signUp / signIn using other auth.* methods and continue using the API as usual; the client must also <a href="/api/invoking#saving-client-info">rewrite client info</a> using <a href="/method/initConnection">initConnection</a> after each binding. Each permanent key may only be bound to <strong>one</strong> temporary key at a time, binding a new temporary key overwrites the previous one.</p>
<p>Once the temporary key expires, the client needs to generate a new temporary key using <strong>p_q_inner_data_temp</strong>. Then it needs to re-bind that new temporary key to the initial permanent key. A new key can also be generated in advance, so that the client has a new key ready by the time the old one has expired.</p>
<p>For additional security, the client can store the temporary authorization key in RAM only and never save it in persistent storage.</p>
<p>A temporary authorization key may expire at any moment before <strong>expires_at</strong>, since such keys are also stored only in the RAM on the server-side. Be prepared to handle resulting MTProto errors correctly (non-existent auth_key_id results in a 404 error).</p></div>
</div>
</div>
</div>
<div class="footer_wrap">
<div class="footer_columns_wrap footer_desktop">
<div class="footer_column footer_column_telegram">
<h5>Telegram</h5>
<div class="footer_telegram_description"></div>
Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.
</div>
<div class="footer_column">
<h5><a href="//telegram.org/faq">About</a></h5>
<ul>
<li><a href="//telegram.org/faq">FAQ</a></li>
<li><a href="//telegram.org/blog">Blog</a></li>
<li><a href="//telegram.org/jobs">Jobs</a></li>
</ul>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps#mobile-apps">Mobile Apps</a></h5>
<ul>
<li><a href="//telegram.org/dl/ios">iPhone/iPad</a></li>
<li><a href="//telegram.org/dl/android">Android</a></li>
<li><a href="//telegram.org/dl/wp">Windows Phone</a></li>
</ul>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps#desktop-apps">Desktop Apps</a></h5>
<ul>
<li><a href="//desktop.telegram.org/">PC/Mac/Linux</a></li>
<li><a href="//macos.telegram.org/">macOS</a></li>
<li><a href="//telegram.org/dl/web">Web-browser</a></li>
</ul>
</div>
<div class="footer_column footer_column_platform">
<h5><a href="/">Platform</a></h5>
<ul>
<li><a href="/api">API</a></li>
<li><a href="//translations.telegram.org/">Translations</a></li>
<li><a href="//instantview.telegram.org/">Instant View</a></li>
</ul>
</div>
</div>
<div class="footer_columns_wrap footer_mobile">
<div class="footer_column">
<h5><a href="//telegram.org/faq">About</a></h5>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/blog">Blog</a></h5>
</div>
<div class="footer_column">
<h5><a href="//telegram.org/apps">Apps</a></h5>
</div>
<div class="footer_column">
<h5><a href="/">Platform</a></h5>
</div>
<div class="footer_column">
<h5><a href="https://twitter.com/telegram" target="_blank" data-track="Follow/Twitter" onclick="trackDlClick(this, event)">Twitter</a></h5>
</div>
</div>
</div>
</div>
<script src="/js/main.js?46"></script>
<script>backToTopInit("Go up");
removePreloadInit();
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink