syntax = "proto3";

// ---------------------------------------------------------------------------
// TorChat User Identity & Reputation Spec (v0.1)
// ---------------------------------------------------------------------------
// * A user is a long-term Ed25519 key-pair.
// * Profile fields are optional and fully signed.
// * Multi-device keys are supported via DeviceKey.
// * Third-party attestations ("signatures") build a web-of-trust layer.
// ---------------------------------------------------------------------------

package torchat.identity;
option go_package = "github.com/torchat/proto/identity";
option java_package = "org.torchat.identity";
option java_multiple_files = true;

// -------------------------------------------------
// Primitive types
// -------------------------------------------------
// Wrapper for a raw Ed25519 public key, documented as 32 bytes.
// The schema does not enforce that length, so a receiver should reject any
// other size before handing the bytes to signature verification.
message PublicKey {
  // Raw key bytes.
  bytes value = 1;
}
// Wrapper for a detached Ed25519 signature, documented as 64 bytes and
// computed over a SHA-256 hash of the signed content.
// NOTE(review): the spec does not say which byte encoding is hashed.
// Protobuf serialization is not guaranteed to be canonical across
// implementations, so signer and verifier need one agreed deterministic
// encoding (or the exact signed bytes kept alongside) - confirm.
// NOTE(review): nothing visible binds a signature to the message type it
// covers; confirm the hashed input carries a per-type context label.
message Signature {
  // Raw signature bytes; length is not enforced by the schema.
  bytes value = 1;
}
// Wrapper for a SHA-256 digest, documented as 32 bytes.
// The schema does not enforce the length; receivers should check it.
message Sha256Hash {
  // Raw digest bytes.
  bytes value = 1;
}

// -------------------------------------------------
// User Profile (self-signed)
// -------------------------------------------------
// Public profile of one user. SignedUser.self_sig is documented as the
// master-key signature over a hash of this message.
// All text fields are chosen by the profile owner and should be handled as
// untrusted input by anything that renders or fetches them.
message UserProfile {
  // Unique master key identifying the user.
  PublicKey pubkey = 1;

  // Optional alias. Proto3 cannot distinguish "unset" from "" here.
  string nickname = 2;

  // Optional free-text description.
  string bio = 3;

  // Optional avatar location, documented as ipfs:// or https://.
  // NOTE(review): the schema does not restrict the scheme, so clients
  // should accept only the two documented schemes. Fetching the URL
  // contacts a host picked by the profile owner - confirm how clients
  // retrieve avatars without exposing the viewer.
  string avatar_url = 4;

  // Creation time in epoch milliseconds.
  int64 created_at = 5;

  // Profile schema version.
  // NOTE(review): this is a schema version, not an update counter. Nothing
  // visible here orders two validly signed profiles for the same key, so
  // confirm how a stale signed profile is rejected on update.
  uint32 version = 6;
}

// -------------------------------------------------
// Device key (per-device subkey, signed by master)
// -------------------------------------------------
// Per-device subkey endorsed by the user's master key.
// NOTE(review): the message names neither the master key that produced
// master_sig nor a revocation marker, although IdentityService describes
// UpsertDeviceKey as "add or revoke". Confirm how a verifier locates the
// master key and how a revocation is expressed.
message DeviceKey {
  // Device label: a random UUID or a human-chosen name.
  string device_id = 1;

  // Ed25519 public key used by this device.
  PublicKey device_pk = 2;

  // Creation time. No unit is stated here; presumably epoch millis like
  // UserProfile.created_at - confirm.
  int64 created_at = 3;

  // Master-key signature over hash(device).
  // NOTE(review): presumably the hash covers fields 1-3 and excludes this
  // field - confirm the exact signed bytes.
  Signature master_sig = 4;
}

// -------------------------------------------------
// Third-party attestation (web-of-trust)
// -------------------------------------------------
// Statement by one key about another user, signed by the attesting key.
// NOTE(review): no expiry or revocation field is visible, so a role
// attestation stays valid for as long as its signature verifies unless that
// is handled elsewhere - confirm.
message Attestation {
  // What the signer is vouching for.
  // GENERIC_TRUST is the zero value, so an Attestation whose purpose was
  // never set decodes as GENERIC_TRUST. Proto3 also preserves unknown enum
  // numbers; verifiers should reject a purpose they do not recognise
  // instead of mapping it to a role.
  enum Purpose {
    // Default: "I trust this user".
    GENERIC_TRUST = 0;

    // Signer assigns a moderator role to the subject.
    MODERATOR_ROLE = 1;

    // Subject can co-sign trades, escrow etc.
    NOTARY_ROLE = 2;
  }

  // Key of the signer; documented as "must be known peer".
  PublicKey signer_pk = 1;

  // Key of the user being attested. Carried as raw bytes rather than a
  // PublicKey message; presumably the same 32-byte Ed25519 encoding -
  // confirm and length-check on receipt.
  bytes subject_pk = 2;

  // Purpose of this attestation.
  Purpose purpose = 3;

  // Free text or JSON supplied by the signer. Treat as untrusted: bound
  // its size and parse defensively.
  string memo = 4;

  // Time of the attestation. No unit is stated here - confirm.
  int64 timestamp = 5;

  // Signature by signer_pk over hash(all above fields).
  Signature signature = 6;
}

// -------------------------------------------------
// Full signed user record
// -------------------------------------------------
// Complete record for one user: profile, its self-signature, device keys
// and third-party attestations.
// NOTE(review): self_sig is documented as covering hash(profile) only. The
// devices and attestations lists are not covered by it, so each entry must
// be verified through its own signature, and a relay could omit entries
// without invalidating self_sig - confirm this is intended.
message SignedUser {
  // Profile being published. Original note: "MUST contain self-sig";
  // presumably this means the record must carry self_sig below - confirm.
  UserProfile profile = 1;

  // Master-key signature over hash(profile).
  Signature self_sig = 2;

  // Zero or more device keys.
  repeated DeviceKey devices = 3;

  // Zero or more third-party attestations.
  repeated Attestation attestations = 4;
}

// -------------------------------------------------
// gRPC Identity Service
// -------------------------------------------------
// RPC surface for publishing and reading identity records.
// NOTE(review): every write carries signatures made by the caller; the
// schema cannot show whether the server verifies them before storing.
// Readers should verify signatures themselves rather than rely on the
// server having done so - confirm the server-side checks.
service IdentityService {
  // Register or update your profile. The request must include self_sig.
  rpc RegisterUser(SignedUser) returns (Ack);

  // Add or revoke a device key (master-signed).
  // NOTE(review): DeviceKey carries no master key and no revoke marker;
  // confirm how the server decides whose device this is and whether the
  // call adds or revokes.
  rpc UpsertDeviceKey(DeviceKey) returns (Ack);

  // Add a third-party attestation.
  rpc AddAttestation(Attestation) returns (Ack);

  // Get the full record for the user with the given key.
  rpc GetUser(PublicKey) returns (SignedUser);

  // Stream attestations about the user with the given key.
  rpc StreamAttestations(PublicKey) returns (stream Attestation);
}

// Generic acknowledge wrapper
// Result returned by the write RPCs of IdentityService.
// OK is the zero value of Status, so an Ack whose status was never set
// decodes as OK. Callers cannot tell an explicit success from a default.
message Ack {
  // Outcome of the request.
  enum Status {
    // Request accepted (also the proto3 default).
    OK = 0;

    // Request failed; see message.
    ERROR = 1;
  }

  // Outcome code.
  Status status = 1;

  // Optional error or informational text.
  string message = 2;
}