The ExternalSendersExtension is a GroupContext extension that contains the credentials and signature keys of senders permitted to send external proposals to the group.

Overview

This extension allows entities outside the group to submit proposals (e.g., for administration purposes) by pre-authorizing their credentials and signature keys.

Structure

struct {
  SignaturePublicKey signature_key;
  Credential credential;
} ExternalSender;

ExternalSender external_senders<V>;

Types

ExternalSender

Represents a single authorized external sender.

signature_key (SignaturePublicKey): The public signature key of the external sender
credential (Credential): The credential of the external sender

ExternalSendersExtension

A list of ExternalSender entries:

pub type ExternalSendersExtension = Vec<ExternalSender>;

SenderExtensionIndex

Identifies an external sender in the ExternalSendersExtension list.

index (u32): Zero-based index into the external senders list

Creating External Senders

use openmls::prelude::*;
use openmls::extensions::*;

// Create an external sender
let external_sender = ExternalSender::new(
    signature_key,  // SignaturePublicKey
    credential      // Credential
);

// Create extension with multiple external senders
let external_senders = vec![external_sender];
let extension = Extension::ExternalSenders(external_senders);

Methods

ExternalSender::new()

Creates a new ExternalSender instance.

pub fn new(
    signature_key: SignaturePublicKey,
    credential: Credential
) -> Self

signature_key (SignaturePublicKey, required): The signature public key of the external sender
credential (Credential, required): The credential of the external sender
Returns (ExternalSender): New ExternalSender instance

SenderExtensionIndex::new()

Creates a new SenderExtensionIndex.

pub fn new(index: u32) -> Self

index (u32, required): The index of the external sender in the extension list
Returns (SenderExtensionIndex): New SenderExtensionIndex instance

Usage in GroupContext

use openmls::prelude::*;
use openmls::extensions::*;

// Create external sender
let admin_sender = ExternalSender::new(
    admin_signature_key,
    admin_credential
);

// Create extension
let ext = Extension::ExternalSenders(vec![admin_sender]);

// Add to group context extensions
let mut extensions = Extensions::<GroupContext>::empty();
extensions.add(ext)?;

Accessing External Senders

// Get external senders from group context extensions
if let Some(senders) = group.extensions().external_senders() {
    for (index, sender) in senders.iter().enumerate() {
        println!("External sender {}: {:?}", index, sender.credential());
    }
}

Example: Adding an External Administrator

use openmls::prelude::*;
use openmls::extensions::*;
use openmls_basic_credential::SignatureKeyPair;

// Generate admin credentials
let admin_credential = BasicCredential::new(b"admin@example.com".to_vec());
let admin_keypair = SignatureKeyPair::new(
    ciphersuite.signature_algorithm()
)?;

// Create external sender for admin
let admin_sender = ExternalSender::new(
    admin_keypair.to_public_vec().into(),
    admin_credential.into()
);

// Add to group configuration
let extension = Extension::ExternalSenders(vec![admin_sender]);

Sender Index Usage

When an external sender sends a proposal, they identify themselves using a SenderExtensionIndex:

let sender_index = SenderExtensionIndex::new(0); // First external sender

The group validates the proposal by:
  1. Looking up the external sender at the specified index
  2. Verifying the proposal signature using the sender’s signature key
  3. Checking the credential matches

Security Considerations

  1. Authorization: Only add trusted external senders to this list
  2. Credential Validation: Ensure external sender credentials are properly validated
  3. Proposal Limits: External senders can only send proposals, not commits
  4. Group Control: External proposals must still be committed by group members

Wire Format

The extension is serialized as a vector of ExternalSender structs using TLS encoding:

struct {
    SignaturePublicKey signature_key;
    Credential credential;
} ExternalSender;

ExternalSender external_senders<V>;
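
The serialization above and the index lookup described under Sender Index Usage, as an added example that is not OpenMLS code: a stand-alone Rust parser for external_senders<V> with a bounds-checked lookup. It assumes the RFC 9420 variable-size length header (1, 2 or 4 bytes, minimal encoding required) and models only basic credentials (credential type 1); the names Sender, parse_external_senders, lookup and SAMPLE are hypothetical.

```rust
// Added example: stand-alone model of the wire format, not OpenMLS code.
#[derive(Debug, PartialEq)]
pub struct Sender { pub signature_key: Vec<u8>, pub identity: Vec<u8> }

// Vector length header: the top two bits of the first byte select 1, 2 or 4 bytes.
fn read_len(buf: &[u8], pos: &mut usize) -> Option<usize> {
    let first = *buf.get(*pos)?;
    let n = match first >> 6 { 0 => 1, 1 => 2, 2 => 4, _ => return None };
    let bytes = buf.get(*pos..pos.checked_add(n)?)?;
    let mut v = (first & 0x3f) as usize;
    for b in &bytes[1..] { v = (v << 8) | *b as usize; }
    // Reject lengths that were not encoded in the fewest possible bytes.
    if (n == 2 && v < 64) || (n == 4 && v < 16384) { return None; }
    *pos += n;
    Some(v)
}

// opaque<V>: a length header followed by exactly that many bytes.
fn read_opaque<'a>(buf: &'a [u8], pos: &mut usize) -> Option<&'a [u8]> {
    let len = read_len(buf, pos)?;
    let out = buf.get(*pos..pos.checked_add(len)?)?;
    *pos += len;
    Some(out)
}

// Parses external_senders<V>; any malformed or unmodelled input yields None.
pub fn parse_external_senders(ext: &[u8]) -> Option<Vec<Sender>> {
    let mut pos = 0;
    let body = read_opaque(ext, &mut pos)?;
    if pos != ext.len() { return None; } // trailing bytes after the vector
    let (mut p, mut out) = (0usize, Vec::new());
    while p < body.len() {
        let signature_key = read_opaque(body, &mut p)?.to_vec();
        // Credential: uint16 credential_type, then (for basic) opaque identity<V>.
        if body.get(p..p.checked_add(2)?)? != &[0u8, 1][..] { return None; }
        p += 2;
        let identity = read_opaque(body, &mut p)?.to_vec();
        out.push(Sender { signature_key, identity });
    }
    Some(out)
}

// Resolves a SenderExtensionIndex value; out of range means no such sender.
pub fn lookup(senders: &[Sender], index: u32) -> Option<&Sender> {
    senders.get(index as usize) // u32 fits in usize on 32- and 64-bit targets
}

// Constructed sample: one sender, 4-byte key, basic credential "admin".
pub const SAMPLE: &[u8] = &[13, 4, 0xAA, 0xBB, 0xCC, 0xDD, 0, 1, 5, b'a', b'd', b'm', b'i', b'n'];
```

A proposal carrying an index for which lookup returns None has no authorized sender to verify against and is rejected before any signature check.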