1// Copyright (c) 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4//
5// Provides wire protocol for signed password changes from
6// the cloud for Chrome OS accounts subject to remote management.
7//
8// The data in this file will be shared in Chrome, Chrome OS (cryptohome),
9// and on servers. Ensure all parties are aware when making changes.
10
11syntax = "proto2";
12
13option optimize_for = LITE_RUNTIME;
14
15package ac.chrome.managedaccounts.account;
16
17// The secret currently assumes a password-equivalent key and a
18// revision, to avoid rollbacks.  This secret should be serialized
19// and signed by a pre-negotiated key to authorize updates from the
20// server to the host OS.
21message Secret {
22  optional int64 revision = 1;
23  optional bytes secret = 2;
24  // In the future, a type field will be added to allow encrypted secrets
25  // and different secret types.
26}
27
28// This is an example format if this were sent on the wire.
29// It is assumed that neither Secret or SignedSecret will ever be sent
30// on the wire, but only reconstructed from source data.
31message SignedSecret {
32  optional bytes serialized_secret = 1;
33  optional bytes signature = 2;
34}
35