A file message has contentType ∈ {file,image,video,audio} whose envelope ciphertext carries { fileId, fileName, mimeType, size, fileKey, thumbnail? }. The server only sees fileId reference (validated ready + access-controlled) and the opaque ciphertext. The fileKey is NEVER stored server-side in plaintext.
Acceptance criteria:
- File messages validated to reference a
ready file authorized for the sender
fileKey only ever inside envelope ciphertext
- Fan-out identical to text messages
A file message has
contentType ∈ {file,image,video,audio}whose envelope ciphertext carries{ fileId, fileName, mimeType, size, fileKey, thumbnail? }. The server only seesfileIdreference (validatedready+ access-controlled) and the opaque ciphertext. ThefileKeyis NEVER stored server-side in plaintext.Acceptance criteria:
readyfile authorized for the senderfileKeyonly ever inside envelope ciphertext