Skip to content

t2bot/matrix-key-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

api

api

 
 

db

db

 
 

federation

federation

 
 

keys

keys

 
 

logging

logging

 
 

meta

meta

 
 

signing

signing

 
 

util

util

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

matrix-key-server

Implementation of a key server for Matrix.

Support room: #matrix-key-server:t2bot.io

Caution: Although this has notary server functionality, it is not yet recommended to point Synapse at this. It has not been tested - use at your own risk.

Demo: https://federationtester.matrix.org#keys.t2host.io

Building and running

The key server will automatically generate itself a key to use on startup. The process is meant to be run only attached to a postgres instance and does not have any on-disk requirements other than the executable itself.

This project uses Go modules and requires Go 1.20 or higher.

# Build
git clone https://github.com/t2bot/matrix-key-server.git
cd matrix-key-server
go build -v -o bin/matrix-key-server

# Run
./bin/matrix-key-server -address="0.0.0.0" -port=8080 -domain="keys.t2host.io" -postgres="postgres://username:password@localhost/dbname?sslmode=disable"

Docker

docker run -it --rm -e "ADDRESS=0.0.0.0" -e "PORT=8080" -e "DOMAIN=keys.t2host.io" -e "POSTGRES=postgres://username:password@localhost/dbname?sslmode=disable" t2bot/matrix-key-server

Build your own by checking out the repository and running docker build -t t2bot/matrix-key-server .

Custom APIs

The key server exposes some custom APIs which may aide the development of homeservers or Matrix services.

POST /_matrix/key/unstable/check_auth

Verifies an auth header according to the Matrix specification. The Authorization header is passed through and the remaining headers shown here demonstrate the additional information the key server needs. The content for the API call is sent as the request body to this call.

Caution: Trusting this endpoint can be bad if you don't trust the key server. You should always do your own auth wherever possible.

Example request:

POST /_matrix/key/unstable/check_auth
Authorization: X-Matrix origin="example.org",key="ed25519:auto",sig="ABCDEF..."
X-Keys-Method: GET
X-Keys-URI: /_matrix/federation/v1/publicRooms?include_all_networks=false&limit=20
X-Keys-Destination: dest.example.org

{... request body ...}

If the response is a 200 OK, the server is authorized. All other responses should be considered unauthorized.

About

Implementation of a key server for Matrix

Topics

matrix keyserver keys notary matrixdotorg

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages