E2EE Key Management

Endpoints for managing end-to-end encryption keys for Matrix chat.

Upload E2EE Keys

Upload end-to-end encryption keys for secure messaging.

Endpoint

POST /api/auth/keys/upload

Request

```json
{
  "device_keys": {
    "user_id": "@user123:matrix.server",
    "device_id": "DEVICE123",
    "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
    "keys": {
      "curve25519:DEVICE123": "base64_key_here",
      "ed25519:DEVICE123": "base64_key_here"
    },
    "signatures": {
      "@user123:matrix.server": {
        "ed25519:DEVICE123": "signature_here"
      }
    }
  },
  "one_time_keys": {
    "curve25519:AAAAA": "base64_key_here",
    "curve25519:AAAAB": "base64_key_here"
  }
}
```

Response

```json
{
  "message": "Keys uploaded successfully",
  "data": {
    "one_time_key_counts": {
      "curve25519": 50
    }
  }
}
```
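
A structural check a server could run on the upload body before storing it, written as an added example (not this API's own code). It assumes Matrix-style unpadded base64, 32-byte Curve25519/Ed25519 public keys and a 64-byte Ed25519 signature; the function names and the `auth_user`/`auth_device` session values are hypothetical.

```python
import base64
import binascii

def b64_unpadded(value):
    """Decode Matrix-style unpadded base64; None if malformed."""
    if not isinstance(value, str) or "=" in value:
        return None
    try:
        return base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None

def has_len(value, size):
    raw = b64_unpadded(value)
    return raw is not None and len(raw) == size

def validate_key_upload(body, auth_user, auth_device):
    """Structural checks only; the Ed25519 signature is NOT verified here."""
    errors = []
    dk = body.get("device_keys") or {}
    # Identity in the body must match the authenticated session, not be trusted.
    if dk.get("user_id") != auth_user:
        errors.append("device_keys.user_id does not match authenticated user")
    if dk.get("device_id") != auth_device:
        errors.append("device_keys.device_id does not match authenticated device")
    if not dk.get("algorithms"):
        errors.append("device_keys.algorithms is empty")
    keys = dk.get("keys") or {}
    for alg in ("curve25519", "ed25519"):
        key_id = f"{alg}:{auth_device}"
        if not has_len(keys.get(key_id), 32):
            errors.append(f"{key_id} is missing or not a 32-byte public key")
    sig = (dk.get("signatures") or {}).get(auth_user, {}).get(f"ed25519:{auth_device}")
    if not has_len(sig, 64):
        errors.append("self-signature is missing or not a 64-byte Ed25519 signature")
    for key_id, value in (body.get("one_time_keys") or {}).items():
        if not key_id.startswith("curve25519:") or not has_len(value, 32):
            errors.append(f"one_time_keys entry {key_id} is malformed")
    return errors

def sample_upload():
    """Constructed sample: fixed byte patterns, not real key material."""
    key = base64.b64encode(bytes(range(32))).decode().rstrip("=")
    sig = base64.b64encode(bytes(64)).decode().rstrip("=")
    return {"device_keys": {
        "user_id": "@user123:matrix.server", "device_id": "DEVICE123",
        "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
        "keys": {"curve25519:DEVICE123": key, "ed25519:DEVICE123": key},
        "signatures": {"@user123:matrix.server": {"ed25519:DEVICE123": sig}}},
        "one_time_keys": {"curve25519:AAAAA": key, "curve25519:AAAAB": key}}
```

An empty list means the body is well-formed; verifying the signature over the `device_keys` object against the uploaded `ed25519` key is a separate step that needs an Ed25519 library.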

Initialize Matrix Encryption

Initialize encryption for the Matrix account.

Endpoint

POST /api/auth/keys/init

Request

```json
{
  "device_id": "DEVICE123"
}
```

Response

```json
{
  "message": "Encryption initialized successfully",
  "data": {
    "device_id": "DEVICE123",
    "encryption_enabled": true
  }
}
```

Handle OLM Key Setup

Set up OLM encryption keys for the device.

Endpoint

POST /api/auth/keys/olm-setup

Request

```json
{
  "device_id": "DEVICE123",
  "identity_key": "base64_identity_key",
  "signing_key": "base64_signing_key"
}
```

Response

```json
{
  "message": "OLM keys configured successfully",
  "data": {
    "device_id": "DEVICE123",
    "olm_ready": true
  }
}
```

Get E2EE Keys

Retrieve the current E2EE key information.

Endpoint

GET /api/auth/keys

Response

```json
{
  "data": {
    "device_id": "DEVICE123",
    "encryption_enabled": true,
    "one_time_key_counts": {
      "curve25519": 47
    },
    "device_keys": {
      "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
      "keys": {
        "curve25519:DEVICE123": "public_key_here",
        "ed25519:DEVICE123": "public_key_here"
      }
    }
  }
}
```

Notes

  • E2EE is required for private chat rooms
  • Keys must be uploaded before joining encrypted rooms
  • One-time keys should be replenished when count is low