fix recdoc JSON spec

1 files changed, 18 insertions, 17 deletions

diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst
index 0a081c4..5e19a0f 100644
--- a/doc/sphinx/rest.rst
+++ b/doc/sphinx/rest.rst
@@ -272,18 +272,17 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
   .. ts:def:: RecoveryDocument
 
     interface RecoveryDocument {
-      // Account identifier at backup provider, AES-encrypted with
-      // the (symmetric) master_key, i.e. an URL
-      // https://sync.taler.net/$BACKUP_ID and
-      // a private key to decrypt the backup.  Anastasis is oblivious
-      // to the details of how this is ultimately encoded.
-      backup_account: []; //bytearray of undefined length
+      // Human-readable name of the secret
+      secret_name?: string;
+
+      // Encrypted core secret.
+      encrypted_core_secret: string; // bytearray of undefined length
 
       // List of escrow providers and selected authentication method.
-      methods: EscrowMethod[];
+      escrow_methods: EscrowMethod[];
 
       // List of possible decryption policies.
-      policy: DecryptionPolicy[];
+      policies: DecryptionPolicy[];
 
     }
 
@@ -292,7 +291,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 
     interface EscrowMethod {
       // URL of the escrow provider (including possibly this Anastasis server).
-      provider_url : string;
+      url : string;
 
       // Type of the escrow method (e.g. security question, SMS etc.).
       escrow_type: string;
@@ -302,21 +301,23 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 
       // Key used to encrypt the `Truth` this `EscrowMethod` is related to.
       // Client has to provide this key to the server when using ``/truth/``.
-      truth_encryption_key: [32]; //bytearray
+      truth_key: [32]; //bytearray
 
       // Salt used to encrypt the truth on the Anastasis server.
-      truth_salt: [32]; //bytearray
+      salt: [32]; //bytearray
+
+      // Salt from the provider to derive the user ID
+      // at this provider.
+      provider_salt: [32]; //bytearray
 
-      // The challenge to give to the user (i.e. the security question
+      // The instructions to give to the user (i.e. the security question
       // if this is challenge-response).
       // (Q: as string in base32 encoding?)
       // (Q: what is the mime-type of this value?)
       //
-      // For some methods, this value may be absent.
-      //
       // The plaintext challenge is not revealed to the
       // Anastasis server.
-      challenge: []; //bytearray of undefined length
+      instructions: string;
 
     }
 
@@ -326,12 +327,12 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
     interface DecryptionPolicy {
       // Salt included to encrypt master key share when
       // using this decryption policy.
-      policy_salt: [32]; //bytearray
+      salt: [32]; //bytearray
 
       // Master key, AES-encrypted with key derived from
       // salt and keyshares revealed by the following list of
       // escrow methods identified by UUID.
-      encrypted_master_key: [32]; //bytearray
+      master_key: [32]; //bytearray
 
       // List of escrow methods identified by their UUID.
       uuid: string[];