document encryption
This commit is contained in:
parent
1247bfeaa7
commit
d2e74efdb2
6 changed files with 53 additions and 67 deletions
@ -1,15 +1,5 @@
git-annex mostly does not use encryption. Anyone with access to a git
repository can see all the filenames in it, its history, and can access
any annexed file contents.
Encryption is needed when using [[special_remotes]] like Amazon S3, where
file content is sent to an untrusted party who does not have access to the
git repository.
Such an encrypted remote uses strong encryption on the contents of files,
as well as the filenames. The size of the encrypted files, and access
patterns of the data, should be the only clues to what type of is stored in
such a remote.
This was the design doc for [[encryption]] and is preserved for
the curious.
[[!toc]]
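Review bot: the sentence "should be the only clues to what type of is stored in such a remote" is missing its noun; whichever side of the edit this line ends up on, it should read "what type of data is stored in such a remote". The surrounding paragraph is the one place the page states what an encrypted special remote is expected to leak (file sizes and access patterns), so it is worth keeping that sentence precise.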
@ -20,29 +10,6 @@ should be a way to tell what backend is responsible for a given filename
in an encrypted remote. (And since special remotes can also store files
unencrypted, differentiate from those as well.)
At a high level, an encryption backend needs to support these operations:
* Create a new encrypted cipher, or update the cipher. Some input
parameters will specifiy things like the gpg public keys that
can access the cipher.
* Initialize an instance of the encryption backend, that will use a
specified encrypted cipher.
* Given a key/value backend key, produce and return an encrypted key.
The same naming scheme git-annex uses for keys in regular key/value
[[backends]] can be used. So a filename for a key might be
"GPG-s12345--armoureddatahere"
* Given a streaming source of file content, encrypt it, and send it in
a stream to an action that consumes the encrypted content.
* Given a streaming source of encrypted content, decrypt it, and send
it in a stream to an action that consumes the decrypted content.
* Clean up.
The rest of this page will describe a single encryption backend using GPG.
Probably only one will be needed, but who knows? Maybe that backend will
turn out badly designed, or some other encryptor needed. Designing
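Review bot: "specifiy" in the "Create a new encrypted cipher, or update the cipher" bullet should be "specify". In the same hunk, the example encrypted key name "GPG-s12345--armoureddatahere" carries the size field in the clear; that is consistent with the first hunk's statement that file sizes are an accepted clue about what an encrypted remote stores, but the example would read better if the bullet said so explicitly rather than leaving the reader to notice that the size survives encryption of the key name.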