syntax = "proto3";

package pomerium.crypt;
option go_package = "github.com/pomerium/pomerium/pkg/grpc/crypt";

// A SealedMessage is an encrypted protobuf message. The payload in
// encrypted_message is encrypted with a data encryption key, and that key is
// carried alongside it in data_encryption_key, itself encrypted to a
// Curve25519 public key.
message SealedMessage {
  // Identifies the Curve25519 public key used to encrypt the data encryption
  // key.
  // NOTE(review): this is a string identifier, not the key bytes; presumably
  // it matches PublicKeyEncryptionKey.id - confirm against the callers.
  string key_id = 1;
  // The XChaCha20-Poly1305 key used to encrypt the data,
  // itself stored encrypted by the Curve25519 public key.
  // This field never holds the data encryption key in the clear.
  bytes data_encryption_key = 2;
  // The message type indicates the type of the protobuf message stored
  // encrypted in encrypted_message.
  // This is a separate string field, so it travels outside the ciphertext.
  // NOTE(review): this file does not show whether message_type is
  // authenticated together with encrypted_message (for example as AEAD
  // associated data). If it is not, receivers should accept only the message
  // types they expect before decoding the decrypted payload - confirm.
  string message_type = 3;
  // An arbitrary encrypted protobuf message (marshaled as protojson before
  // encryption).
  bytes encrypted_message = 4;
}

// A PublicKeyEncryptionKey is a public key together with its identifier.
// NOTE(review): presumably the Curve25519 key that SealedMessage.key_id
// refers to and that encrypts SealedMessage.data_encryption_key - confirm
// against the callers.
message PublicKeyEncryptionKey {
  // Identifier of the key.
  string id = 1;
  // Key material.
  // NOTE(review): encoding and length are not specified in this file;
  // presumably the raw 32-byte Curve25519 public key - confirm, and have
  // consumers reject values of any other length.
  bytes data = 2;
}