?秘鑰生成算法HDhttps://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&ved=0ahUKEwj-hKjT8_3VAhUFqo8KHfBYDT0QFgiSATAO&url=https%3A%2F%2Fread01.com%2Fy2nAOd.html&usg=AFQjCNGk4pjRYbuo67m1sMyBtYP2VOLdkA ?

Identity Key Pair – A long-term Curve25519 key pair,

在應(yīng)用安裝的時候生成

? Signed Pre Key – A medium-term Curve25519 key pair,

在應(yīng)用安裝的時候生成，用IDK簽名。generated at install time, signed by the Identity Key, and rotated

on a periodic timed basis.

? One-Time Pre Keys – A queue of Curve25519 key pairs

預(yù)先生成的只能使用一次的key。 WhatsAp是每次上傳100個otpk到服務(wù)器。

session key types

ROOT KEY? 根密鑰

chain key 發(fā)送鏈密鑰

message key

客戶端注冊: 上傳IK, SPK,和一批otpk到服務(wù)器

session初始化:

1.sender 請求對方的IK, SPK,和一個otpk

2.服務(wù)器返回對應(yīng)的key，由于otpk只能使用一次，所以當(dāng)前使返回的otpk 會被刪除

3.sender 保存從服務(wù)器拿到的key ，The initiator saves the recipient’s Identity Key as Irecipient, the

Signed Pre Key as Srecipient, and the One-Time Pre Key as Orecipient.?

4.發(fā)起方生成一個ephemeral Curve25519 key pair, Einitiato

5.發(fā)起方 加載自己的IK 為Iinitiator

6.master_secret =

ECDH(Iinitiator, Srecipient) || ECDH(Einitiator, Irecipient) ||

ECDH(Einitiator, Srecipient) || ECDH(Einitiator, Orecipient).?

The initiator uses HKDF to create a Root Key and Chain Keys

from the master_secret.

至此初始化方就可以直接發(fā)送消息到接收方

接收方的session創(chuàng)建