mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

close with comment

Browse source
This commit is contained in:
Joey Hess 2015-03-31 15:46:00 -04:00
parent 42bbed7ce5
commit 1f113e852b
2 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

23
doc/bugs/feature_request:_pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment Normal file
View file

@ -0,0 +1,23 @@
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2015-03-31T19:37:20Z"
content="""
When you use encryption=pubkey, the symmetric key that is used for
HMAC encryption of filenames is encrypted using your gpg private key.
The contents of files are also encrypted using your gpg private key
(not using the symmetric key; that mode is encryption=hybrid).
So, with encryption=pubkey, all that can be done with that symmetric key is
to HMAC encrypt filenames and try to find results that match the HMACed
filenames used on the remote. So, if you don't care about filenames
leaking, you could publish that symmetric key with no bad effects. Its
security is not important to you based on what you've said.
But again, that symmetric key is encrypted with your gpg private key.
The only way to decrypt it would be to break your gpg key somehow. In which
case you have big problems. But not ones caused by the existence of the
symmetric key.
So, I see no benefit to the suggested mode.
"""]]