author | Florian Dold <florian@dold.me> | 2021-10-21 13:11:17 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-21 13:11:33 +0200 |
commit | 0ee669f52341a8331394a1e9892264c0ef0bb7d7 (patch) | |
tree | 5a4d1a02ad6acd0dd04edde2dc032160c299700f /packages/anastasis-core/src/recovery-document-types.ts | |
parent | cf25f5698e9f3a3b36930e545f7cce9829fb08f6 (diff) | |
download | wallet-core-0ee669f52341a8331394a1e9892264c0ef0bb7d7.tar.xz |
reducer WIP, user error boundaries in UI
Diffstat (limited to 'packages/anastasis-core/src/recovery-document-types.ts')
-rw-r--r-- | packages/anastasis-core/src/recovery-document-types.ts | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/packages/anastasis-core/src/recovery-document-types.ts b/packages/anastasis-core/src/recovery-document-types.ts
new file mode 100644
index 000000000..a1d9a55fc
--- /dev/null
+++ b/packages/anastasis-core/src/recovery-document-types.ts
@@ -0,0 +1,66 @@
+import { TruthKey, TruthSalt, TruthUuid } from "./crypto.js";
+
+export interface RecoveryDocument {
+ // Human-readable name of the secret
+ secret_name?: string;
+
+ // Encrypted core secret.
+ encrypted_core_secret: string; // bytearray of undefined length
+
+ // List of escrow providers and selected authentication method.
+ escrow_methods: EscrowMethod[];
+
+ // List of possible decryption policies.
+ policies: DecryptionPolicy[];
+}
+
+export interface DecryptionPolicy {
+ // Salt included to encrypt master key share when
+ // using this decryption policy.
+ salt: string;
+
+ /**
+ * Master key, AES-encrypted with key derived from
+ * salt and keyshares revealed by the following list of
+ * escrow methods identified by UUID.
+ */
+ master_key: string;
+
+ /**
+ * List of escrow methods identified by their UUID.
+ */
+ uuids: string[];
+}
+
+export interface EscrowMethod {
+ /**
+ * URL of the escrow provider (including possibly this Anastasis server).
+ */
+ url: string;
+
+ /**
+ * Type of the escrow method (e.g. security question, SMS etc.).
+ */
+ escrow_type: string;
+
+ // UUID of the escrow method.
+ // 16 bytes base32-crock encoded.
+ uuid: TruthUuid;
+
+ // Key used to encrypt the Truth this EscrowMethod is related to.
+ // Client has to provide this key to the server when using /truth/.
+ truth_key: TruthKey;
+
+ /**
+ * Salt to hash the security question answer if applicable.
+ */
+ truth_salt: TruthSalt;
+
+ // Salt from the provider to derive the user ID
+ // at this provider.
+ provider_salt: string;
+
+ // The instructions to give to the user (i.e. the security question
+ // if this is challenge-response).
+ instructions: string;
+} |
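Review bot: `DecryptionPolicy.uuids` is declared as `string[]` while the `EscrowMethod.uuid` values it refers to are typed `TruthUuid`, so the compiler cannot tie a policy's references to truth identifiers; `uuids: TruthUuid[];` would make the two agree, assuming `TruthUuid` from `./crypto.js` is a string-based alias (its definition is not visible here). In the same way `salt`, `master_key`, `provider_salt` and `encrypted_core_secret` are plain `string` with no stated encoding or length, whereas `uuid` is documented as "16 bytes base32-crock encoded"; each of them should carry a comment stating its encoding and expected size. These interfaces are erased at compile time, and a recovery document is presumably parsed from data obtained from a provider, so a file-level comment should say that the shape (including `url` and the length of key and salt fields) must be checked at runtime before the fields are used. Half of the fields are documented with `//` and half with `/** */`; only the latter is picked up as TSDoc, so converting the `//` field comments would make them visible to tooling.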