mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

mention that the cipher can also be used to crypt access keys

Browse source
This commit is contained in:
Joey Hess 2011-05-01 14:09:07 -04:00
parent 1f84c7a964
commit 3095e16311
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
doc/design/encryption.mdwn
View file

@ -85,6 +85,15 @@ really have content. If it's later determined to be safe to not encrypt the
HMAC cipher, the current design allows changing that, even for existing HMAC cipher, the current design allows changing that, even for existing
remotes. remotes.
## other use of the symmetric cipher
The symmetric cipher can be used to encrypt other content than the content
sent to the remote. In particular, it may make sense to encrypt whatever
access keys are used by the special remote with the cipher, and store that
in remotes.log. This way anyone whose gpg key has been given access to
the cipher can get access to whatever other credentials are needed to
use the special remote.
## risks ## risks
A risk of this scheme is that, once the symmetric cipher has been obtained, it A risk of this scheme is that, once the symmetric cipher has been obtained, it