c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement account recovery with encrypted backup bundles

Browse Source 
Add recovery code generation (8 codes per setup), Argon2id key derivation,
ChaCha20-Poly1305 encrypted bundles, and server-side zero-knowledge storage.
Each code independently recovers the account. Includes core crypto module,
protobuf service (method IDs 750-752), server domain + handlers, SDK methods,
SQL migration, and CLI commands (/recovery setup, /recovery restore).
This commit is contained in:
Christian Nennemann
2026-03-04 20:12:20 +01:00
parent 5b6d8209f0
commit 12b19b6931
14 changed files with 1120 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
proto/qpq/v1/recovery.proto Normal file
View File

@@ -0,0 +1,37 @@
syntax = "proto3";
package qpq.v1;
// Recovery service — encrypted recovery bundle storage.
// Method IDs: 750-752.
message StoreRecoveryBundleRequest {
// SHA-256(recovery_token) — server-side lookup key.
bytes token_hash = 1;
// Encrypted recovery bundle (opaque to server).
bytes bundle = 2;
// TTL in seconds (default 90 days = 7776000).
uint64 ttl_secs = 3;
}
message StoreRecoveryBundleResponse {
bool success = 1;
}
message FetchRecoveryBundleRequest {
// SHA-256(recovery_token) — lookup key.
bytes token_hash = 1;
}
message FetchRecoveryBundleResponse {
// Empty if no bundle found.
bytes bundle = 1;
}
message DeleteRecoveryBundleRequest {
// SHA-256(recovery_token) — lookup key.
bytes token_hash = 1;
}
message DeleteRecoveryBundleResponse {
bool success = 1;
}