From f77ec285717a4034819cbe7e25cdefc8dc86c8d3 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 19 Jul 2018 16:46:06 -0400
Subject: [PATCH] response
---
..._72dbc03edbd8559527968c504c4fe7af._comment | 28 +++++++++++++++++++
..._a27a661e8b589cffb4acad3591586433._comment | 12 ++++++++
2 files changed, 40 insertions(+)
create mode 100644 doc/bugs/sharedpubkey_is_using_a_different_filename_encryption_method_than_shared/comment_1_72dbc03edbd8559527968c504c4fe7af._comment
create mode 100644 doc/forum/Shared_pubkeys__58___decrypting_files_in_special_remotes_without_git-annex/comment_9_a27a661e8b589cffb4acad3591586433._comment
diff --git a/doc/bugs/sharedpubkey_is_using_a_different_filename_encryption_method_than_shared/comment_1_72dbc03edbd8559527968c504c4fe7af._comment b/doc/bugs/sharedpubkey_is_using_a_different_filename_encryption_method_than_shared/comment_1_72dbc03edbd8559527968c504c4fe7af._comment
new file mode 100644
index 0000000000..0164038c2b
--- /dev/null
+++ b/doc/bugs/sharedpubkey_is_using_a_different_filename_encryption_method_than_shared/comment_1_72dbc03edbd8559527968c504c4fe7af._comment
@@ -0,0 +1,28 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-07-19T20:38:12Z"
+ content="""
+Shared only uses the first 256 bytes of the cipher to
+encrypt filenames, while sharedpubkey uses the entire cipher.
+
+That difference makes sense, since shared uses the second half of the cipher to
+encrypt file contents, while sharedpubkey encrypts that to the gpg key(s).
+
+You are truncating the sharedpubkey cipher to 256 bytes; I suspect if you
+don't, it will work. If it still doesn't work, refer to the working code
+that I posted in the forum thread earlier.
+
+I don't think that doc/encryption.mdwn needs to go into detailed specifics.
+If someone would like to write a fully detailed explanation of how the
+encryption works it could go in doc/internals.mdwn or someplace like that.
+
+(Crypto.hs is also not hard to follow if you look at the types:
+cipherMac of a MacOnlyCipher uses the whole cipher, while
+cipherMac of a Cipher uses only the beginning of the cipher.
+And decryptCipher of a SharedPubKeyCipher creates a MacOnlyCipher.)
+
+This bug certianly does not warrent changing the behavior of git-annex,
+which would in any case only complicate the situation since it would still
+need to support the current data.
+"""]]
diff --git a/doc/forum/Shared_pubkeys__58___decrypting_files_in_special_remotes_without_git-annex/comment_9_a27a661e8b589cffb4acad3591586433._comment b/doc/forum/Shared_pubkeys__58___decrypting_files_in_special_remotes_without_git-annex/comment_9_a27a661e8b589cffb4acad3591586433._comment
new file mode 100644
index 0000000000..0143d601f3
--- /dev/null
+++ b/doc/forum/Shared_pubkeys__58___decrypting_files_in_special_remotes_without_git-annex/comment_9_a27a661e8b589cffb4acad3591586433._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 9"""
+ date="2018-07-19T20:30:18Z"
+ content="""
+I tested the script fragement that I posted.
+
+The obvious difference between shared and sharedpubkey, if you look
+at that script fragement, is that shared only uses the first 256 bytes
+of the cipher to encrypt filenames, while sharedpubkey uses the entire
+cipher.
+"""]]