Allow public-key encryption of file content.

With the initremote parameters "encryption=pubkey keyid=788A3F4C".

/!\ Adding or removing a key has NO effect on files that have already
been copied to the remote. Hence using keyid+= and keyid-= with such
remotes should be used with care, and make little sense unless the point
is to replace a (sub-)key by another. /!\

Also, a test case has been added to ensure that the cipher and file
contents are encrypted as specified by the chosen encryption scheme.

1 files changed, 9 insertions, 1 deletions

diff --git a/Types/Crypto.hs b/Types/Crypto.hs
index e97d02ba8..ee61d0863 100644
--- a/Types/Crypto.hs
+++ b/Types/Crypto.hs
@@ -24,7 +24,15 @@ import Utility.Gpg (KeyIds(..))
 -- XXX ideally, this would be a locked memory region
 newtype Cipher = Cipher String
 
-data StorableCipher = EncryptedCipher String KeyIds | SharedCipher String
+data StorableCipher = EncryptedCipher String Bool KeyIds
+		-- ^ The Boolean indicates whether the cipher is used
+		-- both for symmetric encryption of file content and
+		-- MAC'ing of file names (True), or only for MAC'ing,
+		-- while file content is encrypted using public-key
+		-- crypto (False). In the latter case the cipher is
+		-- twice as short, but we don't want to rely on that
+		-- only.
+		| SharedCipher String
 	deriving (Ord, Eq)
 
 {- File names are (client-side) MAC'ed on special remotes.