Christian Nennemann
12b19b6931
Add recovery code generation (8 codes per setup), Argon2id key derivation, ChaCha20-Poly1305 encrypted bundles, and server-side zero-knowledge storage. Each code independently recovers the account. Includes core crypto module, protobuf service (method IDs 750-752), server domain + handlers, SDK methods, SQL migration, and CLI commands (/recovery setup, /recovery restore).
38 lines
817 B
Protocol Buffer
38 lines
817 B
Protocol Buffer
syntax = "proto3";
|
|
package qpq.v1;
|
|
|
|
// Recovery service — encrypted recovery bundle storage.
|
|
// Method IDs: 750-752.
|
|
|
|
message StoreRecoveryBundleRequest {
|
|
// SHA-256(recovery_token) — server-side lookup key.
|
|
bytes token_hash = 1;
|
|
// Encrypted recovery bundle (opaque to server).
|
|
bytes bundle = 2;
|
|
// TTL in seconds (default 90 days = 7776000).
|
|
uint64 ttl_secs = 3;
|
|
}
|
|
|
|
message StoreRecoveryBundleResponse {
|
|
bool success = 1;
|
|
}
|
|
|
|
message FetchRecoveryBundleRequest {
|
|
// SHA-256(recovery_token) — lookup key.
|
|
bytes token_hash = 1;
|
|
}
|
|
|
|
message FetchRecoveryBundleResponse {
|
|
// Empty if no bundle found.
|
|
bytes bundle = 1;
|
|
}
|
|
|
|
message DeleteRecoveryBundleRequest {
|
|
// SHA-256(recovery_token) — lookup key.
|
|
bytes token_hash = 1;
|
|
}
|
|
|
|
message DeleteRecoveryBundleResponse {
|
|
bool success = 1;
|
|
}
|