mirror of
https://github.com/twonlyapp/twonly-app.git
synced 2026-07-17 23:54:08 +00:00
Some checks failed
Flutter analyze & test / flutter_analyze_and_test (push) Has been cancelled
69 lines
1.9 KiB
Protocol Buffer
69 lines
1.9 KiB
Protocol Buffer
syntax = "proto3";
|
|
package passwordless_recovery;
|
|
|
|
// Recovery Process
|
|
// - Generating: TempID and a new assymetric key pair
|
|
// - Uploading to the server TempID + Push Tokens so the server can notify the user that someone helped him
|
|
|
|
|
|
// Send from the person who tries to recover their account.
|
|
// This can be done via a link, which will then be opend in the app of the contact.
|
|
// The contact than has to manualy select from which user he got the request.
|
|
// -> Using this phishing is harder, as the user has to manualy select the user to recovery
|
|
// -> The user who wants to recover his account does not need to remember her old username
|
|
message RecoveryRequest {
|
|
string notification_id = 1;
|
|
bytes public_key = 2;
|
|
}
|
|
|
|
// Used as envelope for TrustedFriendShare and RecoveryData
|
|
message EncryptedEnvelope {
|
|
bytes encrypted_data = 1;
|
|
bytes iv = 2;
|
|
bytes mac = 3;
|
|
}
|
|
|
|
// Send from the trusted friend to
|
|
// This is encrypted with the received public key.
|
|
message TrustedFriendShare {
|
|
|
|
// This allows to display the user which user has send him his recovery data.
|
|
User trusted_friend = 1;
|
|
|
|
// This allows to display the userdata, showing that he is recovering the correct person.
|
|
User share_user = 2;
|
|
|
|
// The minimum threshold required to decrypte the shares.
|
|
int32 threshold = 3;
|
|
|
|
// The actual share which will become: SharedSecretData
|
|
bytes shared_secret_data = 4;
|
|
|
|
message User {
|
|
int64 user_id = 1;
|
|
string display_name = 2;
|
|
bytes avatar = 3;
|
|
}
|
|
}
|
|
|
|
// The user identity keys. Can be used to restore the data backup.
|
|
message RecoveryData {
|
|
int64 user_id = 1;
|
|
bytes key_manager = 3;
|
|
}
|
|
|
|
// After received all shares this is decrypted by the user restoring its own
|
|
message SharedSecretData {
|
|
|
|
// The recovery data is encrypted in case a second factor was chosen.
|
|
bytes recovery_data = 1;
|
|
|
|
optional bytes encrypted_server_key_nonce = 3;
|
|
|
|
optional bytes pin_seed = 4;
|
|
optional bytes pin_unlock_token = 5;
|
|
|
|
optional string email_hint = 6;
|
|
|
|
}
|
|
|