[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-anastasis] branch master updated: Added possibility
From: |
gnunet |
Subject: |
[GNUnet-SVN] [taler-anastasis] branch master updated: Added possibility to distinguish between several backups (e.g. wallet, password safe etc.) |
Date: |
Tue, 20 Aug 2019 00:40:27 +0200 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new e32534a Added possibility to distinguish between several backups
(e.g. wallet, password safe etc.)
e32534a is described below
commit e32534aa245e33095308ba5cf9167f8edfbef27c
Author: Dennis Neufeld <address@hidden>
AuthorDate: Tue Aug 20 00:38:17 2019 +0200
Added possibility to distinguish between several backups (e.g. wallet,
password safe etc.)
---
src/api/api-anastasis.rst | 48 ++++++++++++++++++++++++++---------------------
1 file changed, 27 insertions(+), 21 deletions(-)
diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index 5d4a07b..9cf3195 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -14,6 +14,8 @@
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
@author Christian Grothoff
+ @author Dominik Meister
+ @author Dennis Neufeld
==============================
The Anastasis RESTful JSON API
@@ -22,32 +24,36 @@ The Anastasis RESTful JSON API
The API specified here follows the :ref:`general conventions <http-common>`
for all details not specified in the individual requests.
-.. _registration:
+For security reasons, we assume that the service is only accessed over TLS.
+
+.. _policy:
-------------
Manage policy
-------------
-This API is used by Anastasis clients to obtain global information about
-the escrow provider, such as online signing keys and the fee
-structure. This is typically the first call any Anastasis client makes, as it
-returns information required to process all of the other interactions with the
-escrow provider. The returned information is secured by (1) signature(s) from
the escrow provider,
-especially the long-term offline signing key of the escrow provider, which
clients should
-cache; (2) possibly by using HTTPS.
+This API is used by Anastasis clients to obtain or upload policies and the
corresponding encrypted masterkey from/to the escrow provider.
+The client is identified and authorized by $ACCOUNT_PUB, which should be kept
secret from third parties. $ACCOUNT_PUB should be an
+EdDSA public key.
-.. http:get:: /policy/$ACCOUNT_PUB[?version=$NUMBER]
+.. http:get:: /policy/$ACCOUNT_PUB[?type=$TYPE&version=$NUMBER]
Get the customer's policy and encrypted master key share data. The
response must begin with an ephemeral ECDHE public key and continue
with an AES-GCM encrypted payload and tag containing the escrow
- policy and the encrypted master public key.
+ policy and the encrypted master public key.
:status 200 OK:
- The escrow provider responds with a `EncryptedPolicyDocument`_ object.
This request should
+ The escrow provider responds with an `EncryptedPolicyDocument`_ object.
This request should
virtually always be successful, if the account exists.
+ X-Anastasis-Type: $TYPE --- return the type of policy specified in header;
+ The variable specifies the type of service for which a key backup is
stored (e.g. GNU Taler Wallet, Password Safe, etc.)
+ and is used to distinguish backups if you want to store more than one
backup with the escrow provider.
+ (if not specified in request, check if there is more then one type
available: If there is only
+ one type, return it. Else, let the client choose one type).
+
X-Anastatis-Version: $NUMBER --- return actual version number in header;
(if not specified in request, return latest).
@@ -56,12 +62,12 @@ cache; (2) possibly by using HTTPS.
.. _EncryptedPolicyDocument:
.. code-block:: tsref
- interface EscrowInitResponse {
+ interface EncryptedPolicyDocument {
// ECDHE public key used to encrypt the payload
ephemeral_pub: EddsaPublicKey;
// Authentication tag
- aeas_gcm_tag: byte[32];
+ aes_gcm_tag: byte[32];
// Variable-size encrypted policy document. After decryption,
// this contains a gzip compressed JSON-encoded `PolicyDocument`_.
@@ -72,7 +78,7 @@ cache; (2) possibly by using HTTPS.
.. _PolicyDocument:
.. code-block:: tsref
- interface EscrowInitResponse {
+ interface PolicyDocument {
// List of escrow providers and selected authentication method
methods: EscrowMethod[];
@@ -112,19 +118,21 @@ cache; (2) possibly by using HTTPS.
Otherwise, store new version.
-.. _escrow:
+.. _keyshare:
---------------------------------
Manage key share for escrow
---------------------------------
This API is used by Anastasis clients to share a key share with the
-escrow provider.
+key provider. The client is identified and authorized by $ACCOUNT_PUB,
+which should be kept secret from third parties. $ACCOUNT_PUB should be an
+EdDSA public key.
-.. http:post:: /escrow/$ACCOUNT_PUB/$UUID
+.. http:post:: /keyshare/$ACCOUNT_PUB/$UUID
- Send key share to escrow provider.
+ Send key share to key provider.
**Request:** The request body must be a `KeyShare`_ object.
@@ -165,10 +173,8 @@ escrow provider.
}
-
-
-.. http:get:: /escrow/$ACCOUNT_PUB/$UUID
+.. http:get:: /keyshare/$ACCOUNT_PUB/$UUID
Request masterkey recovery.
--
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [taler-anastasis] branch master updated: Added possibility to distinguish between several backups (e.g. wallet, password safe etc.),
gnunet <=