package securemessage

Get desktop application:
View/edit binary Protocol Buffers messages

A convenience proto for encoding Diffie-Hellman public keys, for use only when Elliptic Curve based key exchanges are not possible. (Note that the group parameters must be specified separately)

Used in: GenericPublicKey

required bytes y = 1
Big-endian two's complement encoded group element

A convenience proto for encoding NIST P-256 elliptic curve public keys

Used in: GenericPublicKey

required bytes x = 1
x and y are encoded in big-endian two's complement (slightly wasteful) Client MUST verify (x,y) is a valid point on NIST P256
required bytes y = 2

Supported encryption schemes

Used in: Header

NONE = 1
No encryption
AES_256_CBC = 2

Used in: securegcm.InitiatorHello, securegcm.ResponderHello

required PublicKeyType type = 1
optional EcP256PublicKey ec_p256_public_key = 2
optional SimpleRsaPublicKey rsa2048_public_key = 3
optional DhPublicKey dh2048_public_key = 4
Use only as a last resort

Used in: HeaderAndBody

required SigScheme signature_scheme = 1
required EncScheme encryption_scheme = 2
optional bytes verification_key_id = 3
Identifies the verification key
optional bytes decryption_key_id = 4
Identifies the decryption key
optional bytes iv = 5
Encryption may use an IV
optional bytes public_metadata = 6
Arbitrary per-protocol public data, to be sent with the plain-text header
optional uint32 associated_data_length = 7
The length of some associated data this is not sent in this SecureMessage, but which will be bound to the signature.

required Header header = 1
Public data about this message (to be bound in the signature)
required bytes body = 2
Payload data

Must be kept wire-format compatible with HeaderAndBody. Provides the SecureMessage code with a consistent wire-format representation that remains stable irrespective of protobuf implementation choices. This low-level representation of a HeaderAndBody should not be used by any code outside of the SecureMessage library implementation/tests.

required bytes header = 1
A raw (wire-format) byte encoding of a Header, suitable for hashing
required bytes body = 2
Payload data

A list of supported public key types

Used in: GenericPublicKey

EC_P256 = 1
RSA2048 = 2
DH2048_MODP = 3
2048-bit MODP group 14, from RFC 3526

required bytes header_and_body = 1
Must contain a HeaderAndBody message
required bytes signature = 2
Signature of header_and_body

Supported "signature" schemes (both symmetric key and public key based)

Used in: Header

HMAC_SHA256 = 1
ECDSA_P256_SHA256 = 2
RSA2048_SHA256 = 3
Not recommended -- use ECDSA_P256_SHA256 instead

A convenience proto for encoding RSA public keys with small exponents

Used in: GenericPublicKey

required bytes n = 1
Encoded in big-endian two's complement
optional int32 e = 2

package securemessage

message DhPublicKey

required bytes y = 1

message EcP256PublicKey

required bytes x = 1

required bytes y = 2

enum EncScheme

NONE = 1

AES_256_CBC = 2

message GenericPublicKey

required PublicKeyType type = 1

optional EcP256PublicKey ec_p256_public_key = 2

optional SimpleRsaPublicKey rsa2048_public_key = 3

optional DhPublicKey dh2048_public_key = 4

message Header

required SigScheme signature_scheme = 1

required EncScheme encryption_scheme = 2

optional bytes verification_key_id = 3

optional bytes decryption_key_id = 4

optional bytes iv = 5

optional bytes public_metadata = 6

optional uint32 associated_data_length = 7

message HeaderAndBody

required Header header = 1

required bytes body = 2

message HeaderAndBodyInternal

required bytes header = 1

required bytes body = 2

enum PublicKeyType

EC_P256 = 1

RSA2048 = 2

DH2048_MODP = 3

message SecureMessage

required bytes header_and_body = 1

required bytes signature = 2

enum SigScheme

HMAC_SHA256 = 1

ECDSA_P256_SHA256 = 2

RSA2048_SHA256 = 3

message SimpleRsaPublicKey

required bytes n = 1

optional int32 e = 2