Allow configuring old verify keys (#1443)

* Allow configuring old verify keys * Update sample config * Update sample config * Fix config population * Key ID formatting validity of old_verify_keys * Update comment
author: Neil Alexander <neilalexander@users.noreply.github.com> 2020-09-25 10:58:53 +0100
committer: GitHub <noreply@github.com> 2020-09-25 10:58:53 +0100
commit: 145db37d8998a2e17c4c5afb2512243ac3bd6c9a (patch)
tree: a5e872a43b15f938bcba0f0a261b500e5ed105fb /dendrite-config.yaml
parent: 6fbf89a166057d657b3fb742efdfccbedbfc8436 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/dendrite-config.yaml b/dendrite-config.yaml
index 8c737692..b71fb509 100644
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@@ -38,6 +38,14 @@ global:
   # The path to the signing private key file, used to sign requests and events.
   private_key: matrix_key.pem
 
+  # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
+  # to old signing private keys that were formerly in use on this domain. These
+  # keys will not be used for federation request or event signing, but will be
+  # provided to any other homeserver that asks when trying to verify old events.
+  # old_private_keys:
+  # - private_key: old_matrix_key.pem
+  #   expired_at: 1601024554498
+
   # How long a remote server can cache our server signing key before requesting it
   # again. Increasing this number will reduce the number of requests made by other
   # servers for our key but increases the period that a compromised key will be
author	Neil Alexander <neilalexander@users.noreply.github.com>	2020-09-25 10:58:53 +0100
committer	GitHub <noreply@github.com>	2020-09-25 10:58:53 +0100
commit	145db37d8998a2e17c4c5afb2512243ac3bd6c9a (patch)
tree	a5e872a43b15f938bcba0f0a261b500e5ed105fb /dendrite-config.yaml
parent	6fbf89a166057d657b3fb742efdfccbedbfc8436 (diff)