@@ -170,6 +170,11 @@ This proposal defines three verification methods that can be used in
170170
171171### QR code format
172172
173+ Note: only one of the following will be supported. They are both being
174+ documented here while we determine how well different formats are supported.
175+
176+ #### Binary format
177+
173178The QR codes to be displayed and scanned using this format will encode binary
174179strings in the general form:
175180
@@ -183,9 +188,9 @@ strings in the general form:
183188 master key
184189- the event ID or ` transaction_id ` of the associated verification
185190 request event, encoded as:
186- - two bytes in network byte order (big-endian) indicating the length of the
187- ID
188- - the ID as an ASCII string
191+ - two bytes in network byte order (big-endian) indicating the length in
192+ bytes of the ID as a UTF-8 string
193+ - the ID as a UTF-8 string
189194- the first key, as 32 bytes. The key to use depends on the mode field:
190195 - if ` 0x00 ` or ` 0x01 ` , then the user's own master cross-signing public key
191196 - if ` 0x02 ` , then the current device's device key
@@ -216,6 +221,44 @@ Bob's cross-signing key is `1011121314151617...` (which is "EBESExQVFh..." in
216221base64), and the shared secret is ` 2021222324252627 ` (which is "ICEiIyQlJic" in
217222base64).
218223
224+ #### Base32 format
225+
226+ The QR codes to be displayed and scanned using this format will encode alphanumeric
227+ strings generated as follows:
228+
229+ 1 . generate a binary string by concatenating:
230+ - the event ID or ` transaction_id ` of the associated verification
231+ request event, encoded as:
232+ - two bytes in network byte order (big-endian) indicating the length in
233+ bytes of the ID as a UTF-8 string
234+ - the ID as a UTF-8 string
235+ - the first key, as 32 bytes. The key to use depends on the mode field as
236+ described in step 3:
237+ - if "0" or "1", then the user's own master cross-signing public key
238+ - if "2", then the current device's device key
239+ - the second key, as 32 bytes. The key to use depends on the mode field:
240+ - if "0", then what the device thinks the other user's master
241+ cross-signing key is
242+ - if "1", then what the device thinks the other device's device key is
243+ - if "2", then what the device thinks the user's master cross-signing key
244+ is
245+ - a random shared secret, as a byte string. It is suggested to use a secret
246+ that is about 8 bytes long. Note: as we do not share the length of the
247+ secret, and it is not a fixed size, clients will just use the remainder of
248+ binary string as the shared secret.
249+ 2 . encode the above string using unpadded base32 as defined in RFC4648
250+ 3 . prepend the resulting string with
251+ - the string "MATRIX"
252+ - one character indicating the version (must by "2")
253+ - one character indicating the QR code verification mode. May be one of the
254+ following values:
255+ - "0" verifying another user with cross-signing
256+ - "1" self-verifying in which the current device does trust the master key
257+ - "2" self-verifying in which the current device does not yet trust the
258+ master key
259+
260+ The QR code is then generated using alphanumeric encoding mode.
261+
219262### Message types
220263
221264#### ` m.key.verification.start `
0 commit comments