CoreCryptoContextProtocol

Adds members to the conversation using their key packages, sending the resulting commit via the transport.

Adds a Credential to this client.

Note that while an arbitrary number of credentials can be generated, those which are added to a CoreCrypto instance must be distinct in credential type, signature scheme, and the timestamp of creation. This timestamp has only 1 second of resolution, limiting the number of credentials which can be added. This is a known limitation and will be relaxed in the future.

Commits all pending proposals in the conversation, sending the resulting commit via the transport.

Returns the ciphersuite in use for the given conversation.

Get the credential ref for the given conversation.

Returns the current MLS epoch of the given conversation.

Returns true if a conversation with the given id exists in the local state.

Creates a new MLS group with the given conversation ID, using the specified credential.

Decrypts an MLS message received in the given conversation.

Disables history sharing for the given conversation.

Returns the end-to-end identity verification state of the given conversation.

Returns true if end-to-end identity is enabled for the given ciphersuite.

Returns true if the PKI environment has been set up.

Enables history sharing for the given conversation.

Encrypts a plaintext message for all members of the given conversation.

Derives and exports a secret of key_length bytes for the given conversation.

The secret is derived from the MLS key schedule’s exporter mechanism (RFC 9420 §8.5), which produces output bound to the current group state and epoch. The exported value changes whenever the epoch advances.

Get all credentials from this client which match the provided parameters.

Parameters which are unset or None match anything. Those with a particular value find only credentials matching that value.

Generate a KeyPackage from the referenced credential.

Makes no attempt to look up or prune existing keypackages.

If lifetime is set, the keypackages will expire that span into the future. If it is unset, a default lifetime of approximately 3 months is used.

Returns the client ids of all members of the given conversation.

Get all credentials from this client.

Returns data previously stored by set_data, or None if no data has been stored.

Returns the E2EI identity claims for the specified devices in the given conversation.

Returns the serialized public key of the external sender for the given conversation.

Get a reference to each KeyPackage in the database.

Returns the E2EI identity claims for the specified users in the given conversation, grouped by user ID.

Joins an existing conversation by constructing an external commit from the given group info.

Initializes the MLS client with the given client ID and message transport.

Joins a conversation by processing an MLS Welcome message, returning the new conversation’s ID.

Decrypts a Proteus ciphertext in the given session, returning the plaintext.

Decrypt a message whether or not the proteus session already exists, and saves the session.

This is intended to replace simple usages of proteusDecrypt.

However, when decrypting large numbers of messages in a single session, the existing methods may be more efficient.

Encrypts a plaintext message in the given Proteus session.

Encrypts a plaintext message in multiple Proteus sessions, returning a map from session ID to ciphertext.

Returns the hex-encoded public key fingerprint of this device’s Proteus identity.

Returns the hex-encoded local public key fingerprint for the Proteus session with the given ID.

Returns the hex-encoded remote public key fingerprint for the Proteus session with the given ID.

Initializes the Proteus client.

Returns the CBOR-serialized last resort prekey bundle, creating it if it does not yet exist.

Creates a new Proteus prekey with the given ID and returns its CBOR-serialized bundle.

Warning: the Proteus client must be initialized with proteus_init first or an error will be returned.

Creates a new Proteus prekey with an automatically assigned ID and returns its CBOR-serialized bundle.

Warning: the Proteus client must be initialized with proteus_init first or an error will be returned.

Reloads all Proteus sessions from the keystore into memory.

Deletes the Proteus session with the given ID from local storage.

Returns true if a Proteus session with the given ID exists in local storage.

Creates a new Proteus session from an incoming encrypted message, returning the decrypted message payload.

Creates a new Proteus session from the given prekey bundle bytes, stored under the given session ID.

Saves the Proteus session with the given ID to the keystore.

Note: this is not usually needed, as sessions are persisted automatically when decrypting or encrypting messages and when initializing sessions.

Generates len random bytes from the cryptographically secure RNG.

Removes the specified clients from the conversation, sending the resulting commit via the transport.

Removes a Credential from this client.

Remove a KeyPackage from the database.

Remove all KeyPackages associated with this credential ref.

Set the credential ref for the given conversation.

Stores arbitrary data to be used as a transaction checkpoint.

The stored data can be retrieved via get_data. Keep the data size reasonable; this is not a general-purpose key-value store.

Updates this client’s key material in the conversation by sending an update commit.

Destroys the local state of the given conversation; it can no longer be used locally after this call.