OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // Common sync protocol for encrypted data. | 5 // Common sync protocol for encrypted data. |
6 | 6 |
7 // Update proto_value_conversions{.h,.cc,_unittest.cc} if you change | 7 // Update proto_value_conversions{.h,.cc,_unittest.cc} if you change |
8 // any fields in this file. | 8 // any fields in this file. |
9 | 9 |
10 syntax = "proto2"; | 10 syntax = "proto2"; |
11 | 11 |
12 option optimize_for = LITE_RUNTIME; | 12 option optimize_for = LITE_RUNTIME; |
13 option retain_unknown_fields = true; | |
14 | 13 |
15 package sync_pb; | 14 package sync_pb; |
16 | 15 |
17 // Encrypted sync data consists of two parts: a key name and a blob. Key name is | 16 // Encrypted sync data consists of two parts: a key name and a blob. Key name is |
18 // the name of the key that was used to encrypt blob and blob is encrypted data | 17 // the name of the key that was used to encrypt blob and blob is encrypted data |
19 // itself. | 18 // itself. |
20 // | 19 // |
21 // The reason we need to keep track of the key name is that a sync user can | 20 // The reason we need to keep track of the key name is that a sync user can |
22 // change their passphrase (and thus their encryption key) at any time. When | 21 // change their passphrase (and thus their encryption key) at any time. When |
23 // that happens, we make a best effort to reencrypt all nodes with the new | 22 // that happens, we make a best effort to reencrypt all nodes with the new |
24 // passphrase, but since we don't have transactions on the server-side, we | 23 // passphrase, but since we don't have transactions on the server-side, we |
25 // cannot guarantee that every node will be reencrypted. As a workaround, we | 24 // cannot guarantee that every node will be reencrypted. As a workaround, we |
26 // keep track of all keys, assign each key a name (by using that key to encrypt | 25 // keep track of all keys, assign each key a name (by using that key to encrypt |
27 // a well known string) and keep track of which key was used to encrypt each | 26 // a well known string) and keep track of which key was used to encrypt each |
28 // node. | 27 // node. |
29 message EncryptedData { | 28 message EncryptedData { |
30 optional string key_name = 1; | 29 optional string key_name = 1; |
31 optional string blob = 2; | 30 optional string blob = 2; |
32 }; | 31 }; |
OLD | NEW |