design wrapup
This commit is contained in:
Joey Hess
parent
80981600a0
commit
83423211a2
1 changed files with 29 additions and 2 deletions
|
|
@ -22,8 +22,8 @@ The basis of this scheme was originally developed by Lars Wirzenius et al
|
||||||
[for Obnam](http://braawi.org/obnam/encryption/).
|
[for Obnam](http://braawi.org/obnam/encryption/).
|
||||||
"""]]
|
"""]]
|
||||||
|
|
||||||
Data is encrypted by gpg, using a symmetric cipher. The passphrase of the
|
Data is encrypted by gpg, using a symmetric cipher.
|
||||||
cipher is itself checked into your git repository, encrypted using one or
|
The cipher is itself checked into your git repository, encrypted using one or
|
||||||
more gpg public keys. This scheme allows new gpg private keys to be given
|
more gpg public keys. This scheme allows new gpg private keys to be given
|
||||||
access to content that has already been stored in the remote.
|
access to content that has already been stored in the remote.
|
||||||
|
|
||||||
|
|
@ -58,6 +58,33 @@ for each file in the repository, contact the encrypted remote to check
|
||||||
if it has the file. This can be done without enumeration, although it will
|
if it has the file. This can be done without enumeration, although it will
|
||||||
mean running gpg once per file fscked, to get the encrypted filename.
|
mean running gpg once per file fscked, to get the encrypted filename.
|
||||||
|
|
||||||
|
So, the files stored in the remote should be encrypted. But, it needs
|
||||||
|
to be a repeatable encryption, so they cannot just be gpg encrypted,
|
||||||
|
that would yeild a new name each time. Instead, HMAC is used. Any hash
|
||||||
|
could be used with HMAC; currently SHA1 is used.
|
||||||
|
|
||||||
|
It was suggested that it might not be wise to use the same cipher for both
|
||||||
|
gpg and HMAC. Being paranoid, it's best not to tie the security of one
|
||||||
|
to the security of the other. So, the encrypted cipher described above is
|
||||||
|
actually split in two; half is used for HMAC, and half for gpg.
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
|
Does the HMAC cipher need to be gpg encrypted? Imagine if it were
|
||||||
|
stored in plainext in the git repository. Anyone who can access
|
||||||
|
the git repository already knows the actual filenames, and typically also
|
||||||
|
the content hashes of annexed content. Having access to the HMAC cipher
|
||||||
|
could perhaps be said to only let them verify that data they already
|
||||||
|
know.
|
||||||
|
|
||||||
|
While this seems a pretty persuasive argument, I'm not 100% convinced, and
|
||||||
|
anyway, most times that the HMAC cipher is needed, the gpg cipher is also
|
||||||
|
needed. Keeping the HMAC cipher encrypted does slow down two things:
|
||||||
|
dropping content from encrypted remotes, and checking if encrypted remotes
|
||||||
|
really have content. If it's later determined to be safe to not encrypt the
|
||||||
|
HMAC cipher, the current design allows changing that, even for existing
|
||||||
|
remotes.
|
||||||
|
|
||||||
## risks
|
## risks
|
||||||
|
|
||||||
A risk of this scheme is that, once the symmetric cipher has been obtained, it
|
A risk of this scheme is that, once the symmetric cipher has been obtained, it
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue