auth.bindTempAuthKey

Binds a temporary authorization key temp_auth_key_id to the permanent authorization key perm_auth_key_id.
Each permanent key may only be bound to one temporary key at a time; binding a new temporary key overwrites the previous one.

For more information, see Perfect Forward Secrecy.

boolFalse#bc799737 = Bool;
boolTrue#997275b5 = Bool;
---functions---
auth.bindTempAuthKey#cdd42a05 perm_auth_key_id:long nonce:long expires_at:int encrypted_message:bytes = Bool;

Parameters

perm_auth_key_id long Permanent auth_key_id to bind to
nonce long Random long from Binding message contents
expires_at int Unix timestamp to invalidate temporary key, see Binding message contents
encrypted_message bytes See Generating encrypted_message

Generating encrypted_message

The client begins by creating a special binding message:

Binding message contents

bind_auth_key_inner#75a3f765 nonce:long temp_auth_key_id:long perm_auth_key_id:long temp_session_id:long expires_at:int = BindAuthKeyInner;
nonce long Random long
temp_auth_key_id long Temporary auth_key_id
perm_auth_key_id long Permanent auth_key_id to bind to
temp_session_id long Session id, which will be used to invoke auth.bindTempAuthKey method
expires_at int Unix timestamp to invalidate temporary key

Encrypting the Binding Message

This binding message is encrypted in the usual way using the perm_auth_key. In other words, one has to prepend random:int128 (it replaces the customary session_id:long and salt:long, which are irrelevant in this case), then append the same msg_id that will be used for the request, a seqno equal to zero, and the correct msg_len (40 bytes in this case). After that, one computes the msg_key:int128 as SHA1 of the resulting string, appends the padding necessary for 16-byte alignment, encrypts the resulting string using the key derived from perm_auth_key and msg_key, and prepends perm_auth_key_id and msg_key to the encrypted data as usual.
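The steps above, as an added Python example (not code from the original page or from Telegram). It assumes the regular MTProto 1.0 message layout (random, msg_id, seqno, msg_len, then the serialized message), the MTProto 1.0 msg_key and key derivation from the protocol description, and a caller-supplied AES-256-IGE function; the names `binding_plaintext`, `kdf_v1`, `encrypted_message` and `aes_ige_encrypt` are hypothetical.

```python
import hashlib
import os
import struct

BIND_AUTH_KEY_INNER = 0x75A3F765  # constructor id from the schema on this page

def binding_plaintext(nonce, temp_auth_key_id, perm_auth_key_id,
                      temp_session_id, expires_at, msg_id, rand=os.urandom):
    """Return (msg_key, padded plaintext) for the binding message."""
    # TL serialization is little-endian: constructor id, four longs, one int.
    # Longs are packed as signed 64-bit values.
    inner = struct.pack("<Iqqqqi", BIND_AUTH_KEY_INNER, nonce, temp_auth_key_id,
                        perm_auth_key_id, temp_session_id, expires_at)
    if len(inner) != 40:  # the msg_len the page states
        raise ValueError("unexpected bind_auth_key_inner length")
    # random:int128 takes the place of salt and session_id; seqno is zero.
    body = rand(16) + struct.pack("<qii", msg_id, 0, len(inner)) + inner
    # Assumption (MTProto 1.0): msg_key is the low-order 128 bits of SHA1
    # over the unpadded body.
    msg_key = hashlib.sha1(body).digest()[4:20]
    return msg_key, body + rand(-len(body) % 16)  # pad to a 16-byte boundary

def kdf_v1(auth_key, msg_key, x=0):
    """MTProto 1.0 derivation of (aes_key, aes_iv); x=0 is client to server."""
    def sha1(data):
        return hashlib.sha1(data).digest()
    a = sha1(msg_key + auth_key[x:x + 32])
    b = sha1(auth_key[32 + x:48 + x] + msg_key + auth_key[48 + x:64 + x])
    c = sha1(auth_key[64 + x:96 + x] + msg_key)
    d = sha1(msg_key + auth_key[96 + x:128 + x])
    return a[:8] + b[8:20] + c[4:16], a[8:20] + b[:8] + c[16:20] + d[:8]

def encrypted_message(perm_auth_key, aes_ige_encrypt, **fields):
    """aes_ige_encrypt(data, key, iv) comes from the caller's crypto library."""
    if len(perm_auth_key) != 256:
        raise ValueError("perm_auth_key must be 2048 bits")
    msg_key, padded = binding_plaintext(**fields)
    aes_key, aes_iv = kdf_v1(perm_auth_key, msg_key)
    # perm_auth_key_id and msg_key are prepended in the clear.
    header = struct.pack("<q", fields["perm_auth_key_id"]) + msg_key
    return header + aes_ige_encrypt(padded, aes_key, aes_iv)
```

With the 72-byte body padded to 80 bytes, the resulting encrypted_message is 104 bytes long. The msg_id passed here must be the same one used for the auth.bindTempAuthKey request itself.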

Binding

Once encrypted_message is ready, an auth.bindTempAuthKey request is sent to the server using temp_auth_key and temp_session_id.
Don't forget to rewrite client info using initConnection when the binding is completed.

Errors

Code Type Description
400 BAD_REQUEST TEMP_AUTH_KEY_ALREADY_BOUND The passed temporary key is already bound to another perm_auth_key_id
400 BAD_REQUEST TEMP_AUTH_KEY_EMPTY The request was not performed with a temporary authorization key
400 BAD_REQUEST ENCRYPTED_MESSAGE_INVALID Encrypted message is incorrect

Result

Bool