syntax = "proto3"; package passwordless_recovery; // Recovery Process // - Generating: TempID and a new assymetric key pair // - Uploading to the server TempID + Push Tokens so the server can notify the user that someone helped him // Send from the person who tries to recover their account. // This can be done via a link, which will then be opend in the app of the contact. // The contact than has to manualy select from which user he got the request. // -> Using this phishing is harder, as the user has to manualy select the user to recovery // -> The user who wants to recover his account does not need to remember her old username message RecoveryRequest { string notification_id = 1; bytes public_key = 2; } // Used as envelope for TrustedFriendShare and RecoveryData message EncryptedEnvelope { bytes encrypted_data = 1; bytes iv = 2; bytes mac = 3; } // Send from the trusted friend to // This is encrypted with the received public key. message TrustedFriendShare { // This allows to display the user which user has send him his recovery data. User trusted_friend = 1; // This allows to display the userdata, showing that he is recovering the correct person. User share_user = 2; // The minimum threshold required to decrypte the shares. int32 threshold = 3; // The actual share which will become: SharedSecretData bytes shared_secret_data = 4; message User { int64 user_id = 1; string display_name = 2; bytes avatar = 3; } } // The user identity keys. Can be used to restore the data backup. message RecoveryData { int64 user_id = 1; bytes key_manager = 3; } // After received all shares this is decrypted by the user restoring its own message SharedSecretData { // The recovery data is encrypted in case a second factor was chosen. bytes recovery_data = 1; optional bytes encrypted_server_key_nonce = 3; optional bytes pin_seed = 4; optional bytes pin_unlock_token = 5; optional string email_hint = 6; }