* all encryption now uses ephmeral curve25519 keys * sender can identify themselves by providing a signing key * sign/verify now uses a string prefix for calculating checksum of the incoming message + known prefix [prevents us from verifying unknown blobs] * encrypt/decrypt key is now expanded with a known prefix _and_ the header checksum * protobuf definition changed to include an encrypted sender identification blob (sender public key) * moved protobuf files into an internal/pb directory * general code rearrangement to make it easy to find files * added extra validation for reading all keys * bumped version to 1.0.0
39 lines
940 B
Protocol Buffer
39 lines
940 B
Protocol Buffer
syntax="proto3";
|
|
|
|
//import "gogoproto/gogo.proto"
|
|
|
|
package pb;
|
|
|
|
//option (gogoproto.marshaler_all) = true;
|
|
//option (gogoproto.sizer_all) = true;
|
|
//option (gogoproto.unmarshaler_all) = true;
|
|
//option (gogoproto.goproto_getters_all) = false;
|
|
|
|
/*
|
|
* Every encrypted file starts with a header describing the
|
|
* Block Size, Salt, Recipient keys etc. Header represents a
|
|
* decoded version of this information. It is encoded in
|
|
* protobuf format before writing to disk.
|
|
*/
|
|
message header {
|
|
uint32 chunk_size = 1;
|
|
bytes salt = 2;
|
|
bytes pk = 3; // sender's ephemeral curve PK
|
|
sender sender_pk = 4; // sender's encrypted ed25519 PK
|
|
repeated wrapped_key keys = 5;
|
|
}
|
|
|
|
/*
|
|
* Sender info is wrapped using the data encryption key
|
|
*/
|
|
message sender {
|
|
bytes pk = 1;
|
|
}
|
|
|
|
/*
|
|
* A file encryption key is wrapped by a recipient specific public
|
|
* key. WrappedKey describes such a wrapped key.
|
|
*/
|
|
message wrapped_key {
|
|
bytes key = 2;
|
|
}
|