Skip to content

Commit cb1159c

Browse files
G8XSUG8XSU
authored
Merge pull request #22 from G8XSU/storable
Add Storable Helper Object
2 parents 62e888e + 8972816 commit cb1159c

File tree

1 file changed

+43
-2
lines changed

1 file changed

+43
-2
lines changed

app/src/main/proto/vss.proto

Lines changed: 43 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -299,7 +299,48 @@ message KeyValue {
299299
int64 version = 2;
300300

301301
// Object value in bytes which is stored (in put) and fetched (in get).
302-
// Clients must encrypt this blob client-side before sending it over the wire to server in order
303-
// to preserve privacy and security.
302+
// Clients must encrypt the secret contents of this blob client-side before sending it over the
303+
// wire to the server in order to preserve privacy and security.
304+
// Clients may use a `Storable` object, serialize it and set it here.
304305
bytes value = 3;
305306
}
307+
308+
// Represents a storable object that can be serialized and stored as `value` in `PutObjectRequest`.
309+
// Only provided as a helper object for ease of use by clients.
310+
// Clients MUST encrypt the `PlaintextBlob` before using it as `data` in `Storable`.
311+
// The server does not use or read anything from `Storable`, Clients may use its fields as
312+
// required.
313+
message Storable {
314+
315+
// Represents an encrypted and serialized `PlaintextBlob`. MUST encrypt the whole `PlaintextBlob`
316+
// using client-side encryption before setting here.
317+
bytes data = 1;
318+
319+
// Represents encryption related metadata
320+
EncryptionMetadata encryption_metadata = 2;
321+
}
322+
323+
// Represents encryption related metadata
324+
message EncryptionMetadata {
325+
// The encryption algorithm used for encrypting the `PlaintextBlob`.
326+
string cipher_format = 1;
327+
328+
// The nonce used for encryption. Nonce is a random or unique value used to ensure that the same
329+
// plaintext results in different ciphertexts every time it is encrypted.
330+
bytes nonce = 2;
331+
332+
// The authentication tag used for encryption. It provides integrity and authenticity assurance
333+
// for the encrypted data.
334+
bytes tag = 3;
335+
}
336+
337+
// Represents a data blob, which is encrypted, serialized and later used in `Storable.data`.
338+
// Since the whole `Storable.data` is client-side encrypted, the server cannot understand this.
339+
message PlaintextBlob {
340+
341+
// The unencrypted value.
342+
bytes value = 1;
343+
344+
// The version of the value. Can be used by client to verify version integrity.
345+
int64 version = 2;
346+
}

0 commit comments

Comments
 (0)