syntax = "proto3";

// ---------------------------------------------------------------------------
//  TorChat User Identity & Reputation Spec (v0.1)
// ---------------------------------------------------------------------------
//  * A user is a long-term Ed25519 key-pair.
//  * Profile fields are optional and fully signed.
//  * Multi-device keys are supported via DeviceKey.
//  * Third-party attestations ("signatures") build a web-of-trust layer.
//
//  NOTE(review): every signature below is described as covering a hash of
//  message fields, but the byte encoding that gets hashed is not specified
//  in this file. Protobuf serialization is not guaranteed to be canonical
//  across implementations or versions, so signer and verifier need one
//  fixed, documented encoding, or the signature must be verified over the
//  exact bytes received.
//  NOTE(review): the master key signs both profiles and device keys. Confirm
//  the hashed input carries a per-message-type tag, so that a signature made
//  for one message type cannot be accepted for another.
// ---------------------------------------------------------------------------

package torchat.identity;

option go_package = "github.com/torchat/proto/identity";
option java_package = "org.torchat.identity";
option java_multiple_files = true;

// -------------------------------------------------
//  Primitive types
// -------------------------------------------------

// Ed25519 public key, 32 bytes.
// The schema does not enforce the length: receivers must reject any value
// that is not exactly 32 bytes before using it as a key or a lookup index.
message PublicKey { bytes value = 1; }

// Ed25519 signature, 64 bytes, computed over a SHA-256 hash.
// The length is not enforced by the schema; check it before verification.
message Signature { bytes value = 1; }

// SHA-256 digest, 32 bytes. Not referenced by any other definition in this
// file as shown.
message Sha256Hash { bytes value = 1; }

// -------------------------------------------------
//  User Profile (self-signed)
// -------------------------------------------------

// Profile data published by a user. The signature over it is not part of
// this message; it travels in SignedUser.self_sig.
message UserProfile {
  // Unique master key; this is the user's identity.
  PublicKey pubkey = 1;

  // Optional alias. Peer-controlled text: treat as untrusted for display.
  string nickname = 2;

  // Optional free text. Peer-controlled: treat as untrusted for display.
  string bio = 3;

  // Optional avatar location (ipfs:// or https://).
  // NOTE(review): peer-controlled URL. Clients should accept only the two
  // schemes named here. Fetching it contacts a host chosen by the profile
  // owner; presumably this must go through the same anonymity transport as
  // the chat traffic, confirm with the client implementation.
  string avatar_url = 4;

  // Creation time, epoch milliseconds.
  int64 created_at = 5;

  // Profile schema version.
  // NOTE(review): this is a schema version, not a revision counter. No
  // field visibly orders successive profile updates, so an older, validly
  // signed profile may be indistinguishable from a newer one on
  // RegisterUser. Confirm how rollback/replay is rejected.
  uint32 version = 6;
}

// -------------------------------------------------
//  Device key (per-device subkey, signed by master)
// -------------------------------------------------

// A per-device Ed25519 subkey endorsed by the user's master key.
// NOTE(review): the message does not name the master key that signed it, so
// a verifier has to learn the owner from context (for example the enclosing
// SignedUser). How UpsertDeviceKey, which takes a bare DeviceKey, binds the
// key to a user is not visible in this file.
// NOTE(review): the service comment says device keys can be revoked, but no
// field here marks a revocation. Confirm how revocation is expressed.
message DeviceKey {
  // Random UUID or human-readable name.
  string device_id = 1;

  // Ed25519 key for this device.
  PublicKey device_pk = 2;

  // Creation time; presumably epoch milliseconds like
  // UserProfile.created_at. TODO confirm.
  int64 created_at = 3;

  // Master-key signature over hash(device).
  Signature master_sig = 4;
}

// -------------------------------------------------
//  Third-party attestation (web-of-trust)
// -------------------------------------------------

// A statement by one user (signer_pk) about another (subject_pk).
// NOTE(review): no expiry or revocation field is visible, so an attestation
// appears valid indefinitely once issued. Confirm intended lifetime.
message Attestation {
  // What the signer is vouching for.
  // NOTE(review): the zero value carries meaning. In proto3 an unset enum
  // decodes as 0, so an attestation whose purpose was omitted reads as
  // GENERIC_TRUST. Changing the numbering would break the wire contract;
  // verifiers should be aware that "unset" and "generic trust" are the
  // same on the wire.
  enum Purpose {
    GENERIC_TRUST = 0;   // default "I trust this user"
    MODERATOR_ROLE = 1;
    NOTARY_ROLE = 2;     // can co-sign trades, escrow etc.
  }

  // Who signs (must be a known peer).
  PublicKey signer_pk = 1;

  // User being attested.
  // NOTE(review): raw bytes, whereas signer_pk uses the PublicKey message.
  // Left as-is because changing the type alters the wire format. Apply the
  // same 32-byte length check as for PublicKey.value.
  bytes subject_pk = 2;

  Purpose purpose = 3;

  // Free text or JSON. Signer-controlled: bound its size and parse any
  // JSON defensively.
  string memo = 4;

  // Time of attestation; units are not stated here, presumably epoch
  // milliseconds. TODO confirm.
  int64 timestamp = 5;

  // Signature by signer_pk over hash(all above fields), i.e. fields 1-5.
  Signature signature = 6;
}

// -------------------------------------------------
//  Full signed user record
// -------------------------------------------------

// A profile together with its self-signature, device keys and attestations.
// self_sig is described as covering hash(profile) only, so the devices and
// attestations lists are not covered by it. Each entry carries its own
// signature and must be verified individually; whoever relays the record
// can still omit entries without invalidating any signature.
message SignedUser {
  // The profile. The original spec comment reads "MUST contain self-sig";
  // the signature itself is carried in self_sig below.
  UserProfile profile = 1;

  // Master-key signature over hash(profile).
  Signature self_sig = 2;

  // Zero or more device keys.
  repeated DeviceKey devices = 3;

  // Zero or more third-party signatures.
  repeated Attestation attestations = 4;
}

// -------------------------------------------------
//  gRPC Identity Service
// -------------------------------------------------

// Directory service for identities. Every record it returns is signed by
// keys the client can check, so clients should verify signatures on
// responses themselves instead of relying on the server's word.
service IdentityService {
  // Register or update your profile. Must include self_sig.
  rpc RegisterUser (SignedUser) returns (Ack);

  // Add or revoke a device key (master-signed).
  rpc UpsertDeviceKey (DeviceKey) returns (Ack);

  // Add a third-party attestation.
  rpc AddAttestation (Attestation) returns (Ack);

  // Get full user record.
  rpc GetUser (PublicKey) returns (SignedUser);

  // Stream attestations about a user.
  rpc StreamAttestations(PublicKey) returns (stream Attestation);
}

// Generic acknowledge wrapper.
message Ack {
  // NOTE(review): OK is the zero value, so an Ack whose status was never
  // set decodes as OK. Callers should not treat an empty Ack as proof that
  // the server accepted the request.
  enum Status {
    OK = 0;
    ERROR = 1;
  }

  Status status = 1;

  // Optional error / info text.
  string message = 2;
}