diff --git a/README.md b/README.md index 7a9146030c1..d2bde406466 100644 --- a/README.md +++ b/README.md @@ -303,44 +303,129 @@ Then visit `http://localhost:8005` to see the API docs. # End-to-end encryption support -**This section is outdated.** Use of `libolm` is deprecated and we are replacing it with support -from the matrix-rust-sdk (https://github.com/element-hq/element-web/issues/21972). +`matrix-js-sdk`'s end-to-end encryption support is based on the [WebAssembly bindings](https://github.com/matrix-org/matrix-rust-sdk-crypto-wasm) of the Rust [matrix-sdk-crypto](https://github.com/matrix-org/matrix-rust-sdk/tree/main/crates/matrix-sdk-crypto) library. -The SDK supports end-to-end encryption via the Olm and Megolm protocols, using -[libolm](https://gitlab.matrix.org/matrix-org/olm). It is left up to the -application to make libolm available, via the `Olm` global. +## Initialization -It is also necessary to call `await matrixClient.initCrypto()` after creating a new -`MatrixClient` (but **before** calling `matrixClient.startClient()`) to -initialise the crypto layer. +**Do not use `matrixClient.initCrypto()`. This method is deprecated and no longer maintained.** -If the `Olm` global is not available, the SDK will show a warning, as shown -below; `initCrypto()` will also fail. +To initialize the end-to-end encryption support in the matrix client: +```javascript +// Create a new matrix client +const matrixClient = sdk.createClient({ + baseUrl: "http://localhost:8008", + accessToken: myAccessToken, + userId: myUserId, +}); + +// Initialize to enable end-to-end encryption support. +await matrixClient.initRustCrypto(); ``` -Unable to load crypto module: crypto will be disabled: Error: global.Olm is not defined + +After calling `initRustCrypto`, you can obtain a reference to the [`CryptoApi`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html) interface, which is the main entry point for end-to-end encryption, by calling [`MatrixClient.getCrypto`](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html#getCrypto). + +## Secret storage + +You should normally set up [secret storage](https://spec.matrix.org/v1.12/client-server-api/#secret-storage) before using the end-to-end encryption. To do this, call [`CryptoApi.bootstrapSecretStorage`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html#bootstrapSecretStorage). +`bootstrapSecretStorage` can be called unconditionally: it will only set up the secret storage if it is not already set up (unless you use the `setupNewSecretStorage` parameter). + +```javascript +const matrixClient = sdk.createClient({ + ..., + cryptoCallbacks: { + getSecretStorageKey: async (keys) => { + // This function should prompt the user to enter their secret storage key. + return mySecretStorageKeys; + }, + }, +}); + +matrixClient.getCrypto().bootstrapSecretStorage({ + // This function will be called if a new secret storage key (aka recovery key) is needed. + // You should prompt the user to save the key somewhere, because they will need it to unlock secret storage in future. + createSecretStorageKey: async () => { + return mySecretStorageKey; + }, +}); ``` -If the crypto layer is not (successfully) initialised, the SDK will continue to -work for unencrypted rooms, but it will not support the E2E parts of the Matrix -specification. +The example above will create a new secret storage key if secret storage was not previously set up. +The secret storage data will be encrypted using the secret storage key returned in [`createSecretStorageKey`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CreateSecretStorageOpts.html#createSecretStorageKey). + +We recommend that you prompt the user to re-enter this key when [`CryptoCallbacks.getSecretStorageKey`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoCallbacks.html#getSecretStorageKey) is called (when the secret storage access is needed). + +## Set up cross-signing + +To set up cross-signing to verify devices and other users, call +[`CryptoApi.bootstrapCrossSigning`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html#bootstrapCrossSigning): + +```javascript +matrixClient.getCrypto().bootstrapCrossSigning({ + authUploadDeviceSigningKeys: async (makeRequest) => { + return makeRequest(authDict); + }, +}); +``` -To provide the Olm library in a browser application: +The [`authUploadDeviceSigningKeys`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.BootstrapCrossSigningOpts.html#authUploadDeviceSigningKeys) +callback is required in order to upload newly-generated public cross-signing keys to the server. -- download the transpiled libolm (from https://packages.matrix.org/npm/olm/). -- load `olm.js` as a `