Added new encryption=sharedpubkey mode for special remotes.

This is useful for making a special remote that anyone with a clone of the
repo and your public keys can upload files to, but only you can decrypt the
files stored in it.
Joey Hess 2016-05-10 16:50:31 -04:00
parent 2d00523609
commit e219289c83
7 changed files with 114 additions and 63 deletions


@ -10,6 +10,7 @@ module Types.Crypto (
StorableCipher(..),
EncryptedCipherVariant(..),
KeyIds(..),
cipherKeyIds,
Mac(..),
readMac,
showMac,
@ -23,12 +24,19 @@ import Utility.Gpg (KeyIds(..))
-- XXX ideally, this would be a locked memory region
data Cipher = Cipher String | MacOnlyCipher String
data StorableCipher = EncryptedCipher String EncryptedCipherVariant KeyIds
| SharedCipher String
data StorableCipher
= EncryptedCipher String EncryptedCipherVariant KeyIds
| SharedCipher String
| SharedPubKeyCipher String KeyIds
deriving (Ord, Eq)
data EncryptedCipherVariant = Hybrid | PubKey
deriving (Ord, Eq)
cipherKeyIds :: StorableCipher -> Maybe KeyIds
cipherKeyIds (EncryptedCipher _ _ ks) = Just ks
cipherKeyIds (SharedPubKeyCipher _ ks) = Just ks
cipherKeyIds (SharedCipher _) = Nothing
defaultMac :: Mac
defaultMac = HmacSha1
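Review bot: The new `SharedPubKeyCipher String KeyIds` constructor and `cipherKeyIds` have no comment saying what the `String` and the `KeyIds` mean in this mode, and `cipherKeyIds` returns `Just ks` for it exactly as it does for `EncryptedCipher`. Going by the commit description (anyone with a clone can upload, only the key owner can decrypt), the key ids here presumably name the recipients that file content is encrypted to, while the cipher string itself is readable from the repository; that is a different guarantee from `EncryptedCipher`, and a caller of `cipherKeyIds` cannot tell the two apart. I would document the constructor with something like `-- ^ cipher is not gpg-encrypted; KeyIds are the recipients for content only` (to be confirmed against the code that builds it) and add a Haddock line on `cipherKeyIds` stating that a `Just` result does not imply the cipher is protected by those keys. The explicit match on every constructor with no wildcard is worth keeping, so a future variant triggers an incomplete-pattern warning rather than silently returning `Nothing`.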