All Implemented Interfaces:
```
public final class SvrB

                    
```
Service for Secure Value Recovery for Backups (SVR-B) operations.
This service provides forward secrecy for Signal backups using SVR-B. Forward secrecy ensures that even if the user's Account Entropy Pool or Backup Key is compromised, the attacker can decrypt a very small number of past backups. This is achieved by storing a token in a secure enclave inside the SVR-B server, which provably attests that it only stores a single token at a time for each user.
To achieve these properties, a secret token is required to derive the actual encryption keys for the backup. At backup time, this token must be stored in the SVR-B server, overwriting the previous token. At restore time, the token must be retrieved from the SVR-B server, and used to derive the encryption keys for the backup.
- Create a Network instance and get the SvrB service via Network.svrB
- If this is a fresh install, call SvrB.createNewBackupChain and store the result locally. Otherwise, retrieve the secret data from the last successful backup operation (store or restore).
- Call SvrB.store
- Use the returned forward secrecy token to derive encryption keys
- Encrypt and upload the backup data to the user's remote, off-device storage location, including the returned SvrBStoreResponse.metadata. The upload must succeed before proceeding or the previous backup might become unretrievable.
- Store the SvrBStoreResponse.nextBackupSecretData locally, overwriting any previously-saved value.
When calling SvrB.store, the previousSecretData parameter must be from the last call to SvrB.store or SvrB.restore that succeeded. This "chaining" is used to construct each backup file so that it can be decrypted with either the previous token stored in SVR-B, or the next one, which is important in case the overall backup upload is ever interrupted.
The returned secret from a successful store() or restore() call should be persisted until it is overwritten by the value from a subsequent successful call. The caller should use SvrB.createNewBackupChain only for the very first backup with a particular backup key.
- Create a Network instance and get the SvrB service via Network.svrB
- Fetch the backup metadata from storage
- Call SvrB.restore to get the forward secrecy token
- Use the token to derive decryption keys
- Decrypt and restore the backup data
- Store the SvrBRestoreResponse.nextBackupSecretData locally.
```
val net = Network(Network.Environment.PRODUCTION, "Signal Android")
val auth = Network.Auth(username = "myUsername", password = "myPassword")
val svrB = net.svrB(auth)

// Prepare a backup
val stored = svrB.store(myKey, previousSecretData).get().getOrThrow()
// ... store backup with stored.forwardSecrecyToken remotely ...
// Securely persist stored.nextBackupSecretData for the next backup
```

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description

Field Summary

Fields
Modifier and Type	Field	Description

Constructor Summary

Constructors
Constructor	Description

Enum Constant Summary

Enum Constants
Enum Constant	Description

Method Summary

Modifier and Type	Method	Description
`final ByteArray`	`createNewBackupChain(BackupKey backupKey)`	Generates backup "secret data" for a fresh install.
`final CompletableFuture<Result<SvrBStoreResponse>>`	`store(BackupKey backupKey, ByteArray previousSecretData)`	Prepares a backup for storage with forward secrecy guarantees.
`final CompletableFuture<Result<SvrBRestoreResponse>>`	`restore(BackupKey backupKey, ByteArray metadata)`	Fetches the forward secrecy token needed to decrypt a backup.
`final CompletableFuture<Result<Void>>`	`remove()`	Attempts to remove the info stored with SVR-B for this particular username/password pair.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
- Method Detail
  - createNewBackupChain
```
 final ByteArray createNewBackupChain(BackupKey backupKey)
```
    Generates backup "secret data" for a fresh install.
    Should not be used if any previous backups exist for this backupKey, whether uploaded or restored by the local device. See SvrB for more information.
  - store
```
 final CompletableFuture<Result<SvrBStoreResponse>> store(BackupKey backupKey, ByteArray previousSecretData)
```
    Prepares a backup for storage with forward secrecy guarantees.
    This makes a network call to the SVR-B server to store the forward secrecy token and returns a SvrBStoreResponse. See its fields' documentation and SvrB for how to continue persisting the backup on success.
    Parameters:
    
    backupKey - The backup key derived from the Account Entropy Pool (AEP).
    
    previousSecretData - Optional secret data from the most recent previous backup.
    
    Returns:
    
    a CompletableFuture that completes with:
    Result.success containing SvrBStoreResponse with the forward secrecy token, metadata, and secret data on success
    Result.failure containing InvalidSvrBDataException if the previous secret data is malformed. There's no choice here but to start a new chain.
    Result.failure containing RetryLaterException if the server is rate limiting this client. This is retryable after waiting the designated delay.
    Result.failure containing NetworkException if the network operation fails (connection, service, or timeout errors). These can be automatically retried (backoff recommended).
    Result.failure containing NetworkProtocolException if there is a protocol error. This indicates a possible bug in libsignal or in the enclave.
    Result.failure containing AttestationFailedException, AttestationDataException, or SgxCommunicationFailureException if enclave attestation fails. This indicates a possible bug in libsignal or in the enclave.
  - restore
```
 final CompletableFuture<Result<SvrBRestoreResponse>> restore(BackupKey backupKey, ByteArray metadata)
```
    Fetches the forward secrecy token needed to decrypt a backup.
    This function makes a network call to the SVR-B server to retrieve the forward secrecy token associated with a specific backup. The token is required to derive the message backup keys for decryption.
    The typical restore flow:
    Fetch the backup metadata (stored in a header in the backup file)
    Call this function to retrieve the forward secrecy token from SVR-B
    Use the token to derive message backup keys
    Decrypt and restore the backup data
    Store the returned SvrBRestoreResponse.nextBackupSecretData locally.
    Parameters:
    
    backupKey - The backup key derived from the Account Entropy Pool (AEP).
    
    metadata - The metadata that was stored in a header in the backup file during backup creation.
    
    Returns:
    
    a CompletableFuture that completes with:
    Result.success containing BackupForwardSecrecyToken needed to derive keys for decrypting the backup
    Result.failure containing InvalidSvrBDataException if the backup metadata is malformed. In this case the user's data is not recoverable.
    Result.failure containing RestoreFailedException if restoration fails (with remaining tries count). This should never happen but if it does the user's data is not recoverable.
    Result.failure containing DataMissingException if the backup data is not found on the server, indicating an incorrect backup key (which may in turn imply the user's data is not recoverable).
    Result.failure containing RetryLaterException if the server is rate limiting this client. This is retryable after waiting the designated delay.
    Result.failure containing NetworkException if the network operation fails (connection, service, or timeout errors). These can be automatically retried (backoff recommended).
    Result.failure containing NetworkProtocolException if there is a protocol error. This indicates a possible bug in libsignal or in the enclave.
    Result.failure containing AttestationFailedException, AttestationDataException, or SgxCommunicationFailureException if enclave attestation fails. This indicates a possible bug in libsignal or in the enclave.
  - remove
```
 final CompletableFuture<Result<Void>> remove()
```
    Attempts to remove the info stored with SVR-B for this particular username/password pair.
    This is a best-effort operation; a successful return means the data has been removed from (or never was present in) the current SVR-B enclaves, but may still be present in previous ones that have yet to be decommissioned. Conversely, a thrown error may still have removed information from previous enclaves.
    This should not typically be needed; rather than explicitly removing an entry, the client should generally overwrite with a new store instead.
    Returns:
    
    a CompletableFuture that completes with:
    Result.success if the data has been removed from the current enclave.
    Result.failure containing RetryLaterException if the server is rate limiting this client. This is retryable after waiting the designated delay.
    Result.failure containing NetworkException if the network operation fails (connection, service, or timeout errors). These can be automatically retried (backoff recommended).
    Result.failure containing NetworkProtocolException if there is a protocol error. This indicates a possible bug in libsignal or in the enclave.
    Result.failure containing AttestationFailedException, AttestationDataException, or SgxCommunicationFailureException if enclave attestation fails. This indicates a possible bug in libsignal or in the enclave.

Class SvrB

Nested Class Summary

Field Summary

Constructor Summary

Enum Constant Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

Method Detail

createNewBackupChain

store

restore

remove