twonly-app/lib/src/model/protobuf/client/passwordless_recovery.proto

69 lines
2 KiB
Protocol Buffer

syntax = "proto3";
package passwordless_recovery;
// Recovery Process
// - Generating: TempID and a new assymetric key pair
// - Uploading to the server TempID + Push Tokens so the server can notify the user that someone helped him
// Send from the person who tries to recover their account.
// This can be done via a link, which will then be opend in the app of the contact.
// The contact than has to manualy select from which user he got the request.
// -> Using this phishing is harder, as the user has to manualy select the user to recovery
// -> The user who wants to recover his account does not need to remember her old username
message RecoveryRequest {
int64 temp_id = 1;
bytes public_key = 2;
}
// Used as envelope for TrustedFriendShare and RecoveryData
message EncryptedEnvelope {
bytes encrypted_data = 1;
bytes iv = 2;
bytes mac = 3;
}
// Send from the trusted friend to
// This is encrypted with the received public key.
message TrustedFriendShare {
// This allows to display the user which user has send him his recovery data.
User trusted_friend = 1;
// This allows to display the userdata, showing that he is recovering the correct person.
User share_user = 2;
// The minimum threshold required to decrypte the shares.
int32 threshold = 3;
// The actual share which will become: SharedSecretData
bytes shared_secret_data = 4;
message User {
int64 user_id = 1;
string display_name = 2;
bytes avatar = 3;
}
}
// The user identity keys. Can be used to restore the data backup.
message RecoveryData {
int64 user_id = 1;
bytes key_manager = 3;
}
// After received all shares this is decrypted by the user restoring its own
message SharedSecretData {
// The recovery data is encrypted in case a second factor was chosen.
bytes recovery_data = 1;
optional bytes pin_seed = 2;
optional bytes pin_unlock_token = 3;
optional string email_hint = 4;
optional bytes encrypted_server_key_nonce = 5;
optional bytes encrypted_server_key_mac = 6;
}