feat: add secondary verified key

When a key is gossiped for the contact in a verified chat, it is stored in the secondary verified key slot. The messages are then encrypted to the secondary verified key if they are also encrypted to the contact introducing this secondary key. Chat-Group-Member-Added no longer updates the verified key. Verified group recovery only relies on the secondary verified key. When a message is received from a contact signed with a secondary verified key, secondary verified key replaces the primary verified key. When verified key is changed for the contact in response to receiving a message signed with a secondary verified key, "Setup changed" message is added to the same chat where the message is received.
2026-04-17 21:46:35 +03:00 · 2023-11-01 23:23:25 +00:00
parent 57e34abe98
commit ce016eb567
7 changed files with 246 additions and 60 deletions
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -1026,8 +1026,11 @@ mod tests {
            gossip_key_fingerprint: Some(alice_pubkey.fingerprint()),
            verified_key: None,
            verified_key_fingerprint: None,
-            fingerprint_changed: false,
            verifier: None,
+            secondary_verified_key: None,
+            secondary_verified_key_fingerprint: None,
+            secondary_verifier: None,
+            fingerprint_changed: false,
        };
        peerstate.save_to_db(&bob.ctx.sql).await?;