document encryption

doc/design/encryption.mdwn

@@ -1,15 +1,5 @@
-git-annex mostly does not use encryption. Anyone with access to a git
-repository can see all the filenames in it, its history, and can access
-any annexed file contents.
-
-Encryption is needed when using [[special_remotes]] like Amazon S3, where
-file content is sent to an untrusted party who does not have access to the
-git repository.
-
-Such an encrypted remote uses strong encryption on the contents of files,
-as well as the filenames. The size of the encrypted files, and access
-patterns of the data, should be the only clues to what type of is stored in
-such a remote.
+This was the design doc for [[encryption]] and is preserved for
+the curious.
 
 [[!toc]]
 
@@ -20,29 +10,6 @@ should be a way to tell what backend is responsible for a given filename
 in an encrypted remote. (And since special remotes can also store files
 unencrypted, differentiate from those as well.)
 
-At a high level, an encryption backend needs to support these operations:
-
-* Create a new encrypted cipher, or update the cipher. Some input
-  parameters will specifiy things like the gpg public keys that
-  can access the cipher.
-
-* Initialize an instance of the encryption backend, that will use a
-  specified encrypted cipher.
-
-* Given a key/value backend key, produce and return an encrypted key.
-  
-  The same naming scheme git-annex uses for keys in regular key/value 
-  [[backends]] can be used. So a filename for a key might be
-  "GPG-s12345--armoureddatahere"
-
-* Given a streaming source of file content, encrypt it, and send it in
-  a stream to an action that consumes the encrypted content.
-
-* Given a streaming source of encrypted content, decrypt it, and send
-  it in a stream to an action that consumes the decrypted content.
-
-* Clean up.
-
 The rest of this page will describe a single encryption backend using GPG.
 Probably only one will be needed, but who knows? Maybe that backend will
 turn out badly designed, or some other encryptor needed. Designing