Description:
Implement first-contact: fetch a recipient device's bundle (#110), verify the signed prekey signature, derive a shared secret (X25519), and cache a per-device session. Phase 1 uses sealed-box/ECDH-derived keys; the interface must be swappable for Signal sessions (#190). Sessions persisted in IndexedDB.
Acceptance criteria:
- Signed prekey signature verified before use
- Session cached per recipient device
- Interface abstracts the underlying protocol (sealed-box now, Signal later)
Description:
Implement first-contact: fetch a recipient device's bundle (#110), verify the signed prekey signature, derive a shared secret (X25519), and cache a per-device session. Phase 1 uses sealed-box/ECDH-derived keys; the interface must be swappable for Signal sessions (#190). Sessions persisted in IndexedDB.
Acceptance criteria: