document encryption

This commit is contained in:
Joey Hess 2011-04-16 19:30:31 -04:00
parent 1247bfeaa7
commit d2e74efdb2
6 changed files with 53 additions and 67 deletions

@ -1,15 +1,5 @@
git-annex mostly does not use encryption. Anyone with access to a git
repository can see all the filenames in it, its history, and can access
any annexed file contents.
Encryption is needed when using [[special_remotes]] like Amazon S3, where
file content is sent to an untrusted party who does not have access to the
git repository.
Such an encrypted remote uses strong encryption on the contents of files,
as well as the filenames. The size of the encrypted files, and access
patterns of the data, should be the only clues to what type of is stored in
such a remote.
This was the design doc for [[encryption]] and is preserved for
the curious.
[[!toc]]
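Review bot: the threat-model paragraph this hunk drops (the header shows 15 lines shrinking to 5) is the only place on this page that states what an encrypted remote does and does not hide: contents and filenames are encrypted, while "The size of the encrypted files, and access patterns of the data" remain visible to the remote, and anyone with access to the git repository itself still sees all filenames and history. The replacement sentence only points at [[encryption]] "for the curious"; please confirm that page carries the same size/access-pattern caveat and the git-repository caveat, or keep one sentence of it here, since a reader of the design doc would otherwise lose the stated limits of the scheme.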
@ -20,29 +10,6 @@ should be a way to tell what backend is responsible for a given filename
in an encrypted remote. (And since special remotes can also store files
unencrypted, differentiate from those as well.)
At a high level, an encryption backend needs to support these operations:
* Create a new encrypted cipher, or update the cipher. Some input
parameters will specifiy things like the gpg public keys that
can access the cipher.
* Initialize an instance of the encryption backend, that will use a
specified encrypted cipher.
* Given a key/value backend key, produce and return an encrypted key.
The same naming scheme git-annex uses for keys in regular key/value
[[backends]] can be used. So a filename for a key might be
"GPG-s12345--armoureddatahere"
* Given a streaming source of file content, encrypt it, and send it in
a stream to an action that consumes the encrypted content.
* Given a streaming source of encrypted content, decrypt it, and send
it in a stream to an action that consumes the decrypted content.
* Clean up.
The rest of this page will describe a single encryption backend using GPG.
Probably only one will be needed, but who knows? Maybe that backend will
turn out badly designed, or some other encryptor needed. Designing
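Review bot: the operations list removed here (29 lines to 6 per the header) is where the doc said how encrypted keys are named and distinguished from unencrypted storage in the same special remote (the "GPG-s12345--armoureddatahere" scheme and "should be a way to tell what backend is responsible for a given filename"), and that the cipher can be created "or update[d]" with a set of gpg public keys that can access it. If [[encryption]] is now the authoritative page, it should state the key-naming scheme and the encrypted/unencrypted differentiation, and say what updating the key set means for content already uploaded under the existing cipher (whether previously stored files stay readable to a removed key, or are re-encrypted); neither is visible in the surviving lines of this hunk.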