Diffstat (limited to 'doc/sphinx/rest.rst')
-rw-r--r-- | doc/sphinx/rest.rst | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst
index 0a081c4..5e19a0f 100644
--- a/doc/sphinx/rest.rst
+++ b/doc/sphinx/rest.rst
@@ -272,18 +272,17 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 .. ts:def:: RecoveryDocument
 interface RecoveryDocument {
- // Account identifier at backup provider, AES-encrypted with
- // the (symmetric) master_key, i.e. an URL
- // https://sync.taler.net/$BACKUP_ID and
- // a private key to decrypt the backup. Anastasis is oblivious
- // to the details of how this is ultimately encoded.
- backup_account: []; //bytearray of undefined length
+ // Human-readable name of the secret
+ secret_name?: string;
+
+ // Encrypted core secret.
+ encrypted_core_secret: string; // bytearray of undefined length
 // List of escrow providers and selected authentication method.
- methods: EscrowMethod[];
+ escrow_methods: EscrowMethod[];
 // List of possible decryption policies.
- policy: DecryptionPolicy[];
+ policies: DecryptionPolicy[];
 }
@@ -292,7 +291,7 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 interface EscrowMethod {
 // URL of the escrow provider (including possibly this Anastasis server).
- provider_url : string;
+ url : string;
 // Type of the escrow method (e.g. security question, SMS etc.).
 escrow_type: string;
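Review bot: The new `encrypted_core_secret` field in RecoveryDocument is typed `string` but its trailing comment still says "bytearray of undefined length", so the text encoding of the ciphertext is left to each implementer. The comment "Encrypted core secret." also does not say which key encrypts it or whether the ciphertext is authenticated. A comment along the lines of `// Core secret, encrypted with <key name>; <encoding>-encoded ciphertext.` (placeholders to be filled in by the author) would make the field unambiguous for independent clients.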
@@ -302,21 +301,23 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 // Key used to encrypt the `Truth` this `EscrowMethod` is related to.
 // Client has to provide this key to the server when using ``/truth/``.
- truth_encryption_key: [32]; //bytearray
+ truth_key: [32]; //bytearray
 // Salt used to encrypt the truth on the Anastasis server.
- truth_salt: [32]; //bytearray
+ salt: [32]; //bytearray
+
+ // Salt from the provider to derive the user ID
+ // at this provider.
+ provider_salt: [32]; //bytearray
- // The challenge to give to the user (i.e. the security question
+ // The instructions to give to the user (i.e. the security question
 // if this is challenge-response).
 // (Q: as string in base32 encoding?)
 // (Q: what is the mime-type of this value?)
 //
- // For some methods, this value may be absent.
- //
 // The plaintext challenge is not revealed to the
 // Anastasis server.
- challenge: []; //bytearray of undefined length
+ instructions: string;
 }
@@ -326,12 +327,12 @@ In the following, UUID is always defined and used according to `RFC 4122`_.
 interface DecryptionPolicy {
 // Salt included to encrypt master key share when
 // using this decryption policy.
- policy_salt: [32]; //bytearray
+ salt: [32]; //bytearray
 // Master key, AES-encrypted with key derived from
 // salt and keyshares revealed by the following list of
 // escrow methods identified by UUID.
- encrypted_master_key: [32]; //bytearray
+ master_key: [32]; //bytearray
 // List of escrow methods identified by their UUID.
 uuid: string[]; |
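Review bot: The comment above `instructions` was only half updated: it still ends with "The plaintext challenge is not revealed to the Anastasis server" and keeps both open questions about base32 and mime-type, although the field is now a plain `string`. The hunk also removes "For some methods, this value may be absent" without saying what such methods should send; `secret_name?` in RecoveryDocument already uses the optional marker, so either `instructions?: string;` or a sentence stating that the field is mandatory would settle it. Because this value is what the user sees during recovery, the comment should state explicitly whether it may contain the security question itself and where it is stored. The EscrowMethod interface begins outside this hunk.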
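Review bot: Renaming `encrypted_master_key` to `master_key` in DecryptionPolicy drops the only hint in the field name that the value is ciphertext, while the comment above it still says it is AES-encrypted; someone reading only the field list could take it for the raw key, so keeping the old name would be safer. The type is also exactly `[32]`, which leaves no room for a nonce or authentication tag alongside a 32-byte key; if integrity is provided elsewhere, the comment should point to it, e.g. `// Ciphertext only; IV and integrity protection are specified in <section>.` The same loss of context applies to `salt`, which now names two different values (formerly `policy_salt` here and `truth_salt` in EscrowMethod).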