// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package enterprise_management;

// Contains a signing key and its signature.
message PolicySigningKey {
  // The key used to verify policy blobs sent down from the server.
  optional bytes signing_key = 1;

  // The signature for this signing key (verified using a hard-coded key
  // stored in the Chrome binary). This is essentially a certificate (key
  // signed with another well-known key that establishes a trust root).
  optional bytes signing_key_signature = 2;

  // This is the hard-coded verification key used to generate/verify the
  // signing_key_signature. We track this in the cache data so we know which
  // verification key to use when validating the cached policy (important when
  // doing key rotation).
  optional bytes verification_key = 3;
}