Allow public-key encryption of file content.

With the initremote parameters "encryption=pubkey keyid=788A3F4C". /!\ Adding or removing a key has NO effect on files that have already been copied to the remote. Hence using keyid+= and keyid-= with such remotes should be used with care, and make little sense unless the point is to replace a (sub-)key by another. /!\ Also, a test case has been added to ensure that the cipher and file contents are encrypted as specified by the chosen encryption scheme.
2013-09-01 20:12:00 +02:00 · 2013-09-01 20:12:00 +02:00 · 8293ed619f
commit 8293ed619f
parent f8082933e7
17 changed files with 307 additions and 140 deletions
--- a/Types/Crypto.hs
+++ b/Types/Crypto.hs
@ -24,7 +24,15 @@ import Utility.Gpg (KeyIds(..))
 -- XXX ideally, this would be a locked memory region
 newtype Cipher = Cipher String

-data StorableCipher = EncryptedCipher String KeyIds | SharedCipher String
+data StorableCipher = EncryptedCipher String Bool KeyIds
+		-- ^ The Boolean indicates whether the cipher is used
+		-- both for symmetric encryption of file content and
+		-- MAC'ing of file names (True), or only for MAC'ing,
+		-- while file content is encrypted using public-key
+		-- crypto (False). In the latter case the cipher is
+		-- twice as short, but we don't want to rely on that
+		-- only.
+		| SharedCipher String
 	deriving (Ord, Eq)

 {- File names are (client-side) MAC'ed on special remotes.