Align E2EE migration documentation with fail-closed authenticated-export enforcement

Hop-State: A_06FPC1S8F3FMQ5RF2YGEFKR
Hop-Proposal: R_06FPC1MBXQ3KPM14C628E40
Hop-Task: T_06FPC1EEXNSR6RQ8VK6GX80
Hop-Attempt: AT_06FPC1EEXQMRTGRB6GP5FBG
This commit is contained in:
2026-07-15 06:46:13 -07:00
committed by Hop
parent b46be5c076
commit 57d8a0371f
+1 -1
View File
@@ -79,7 +79,7 @@ Invalid signatures, altered envelopes, authentication failures, and messages enc
## Export and migration limits
Account export preserves new message envelopes as ciphertext and preserves legacy messages as legacy plaintext. Fresh v1.1 exports sign a canonical digest of the complete payload. A historical v1.0 account can still migrate without that digest, but all unauthenticated DM history is discarded and the destination warns that the remaining legacy payload must be reviewed for tampering. The server does not decrypt E2EE messages for export.
Account export preserves new message envelopes as ciphertext and preserves legacy messages as legacy plaintext. Fresh exports sign a canonical digest of the complete payload. Digest-less historical exports are rejected because their profile, posts, follows, bots, and message history cannot be authenticated; users must create a fresh export on the old node. The server does not decrypt E2EE messages for export.
V1 does not migrate the account encryption private key or recovery enrollment between home nodes. It does migrate the signed public key-continuity anchor. On first opening Chat at the destination, the user sets a PIN once and the browser signs a monotonic replacement key. Preserved old ciphertext remains unreadable on the destination. Copying a node-wide `E2EE_RECOVERY_SECRET` for one account is not acceptable.