[noise] Encrypting 0-RTT payloads

[Matthew Hodgson]

Hi all,

Apologies for the naive question, but: what is the recommended approach for encrypting the payload in a 0-RTT IK handshake?

Given the handshake isn’t yet complete, you can’t get at the CipherStates in order to use them to encrypt/decrypt the payload; so what is the idiomatic way of encrypting your payload for the remote static public key?

M

-- 
Matthew Hodgson
Matrix.org