1 files changed, 27 insertions, 0 deletions

diff --git a/chrome/browser/sync/protocol/encryption.proto b/chrome/browser/sync/protocol/encryption.proto
new file mode 100644
index 0000000..a115957
--- /dev/null
+++ b/chrome/browser/sync/protocol/encryption.proto
@@ -0,0 +1,27 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Common sync protocol for encrypted data.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package sync_pb;
+
+// Encrypted sync data consists of two parts: a key name and a blob. Key name is
+// the name of the key that was used to encrypt blob and blob is encrypted data
+// itself.
+//
+// The reason we need to keep track of the key name is that a sync user can
+// change their passphrase (and thus their encryption key) at any time. When
+// that happens, we make a best effort to reencrypt all nodes with the new
+// passphrase, but since we don't have transactions on the server-side, we
+// cannot garantee that every node will be reencrypted. As a workaround, we keep
+// track of all keys, assign each key a name (by using that key to encrypt a
+// well known string) and keep track of which key was used to encrypt each node.
+message EncryptedData {
+  optional string key_name = 1;
+  optional string blob = 2;
+};