diff options
author | 2013-07-23 18:46:09 -0400 | |
---|---|---|
committer | 2013-07-23 18:46:09 -0400 | |
commit | bd9ef0f2530a848ff3f6a58a5e449b4e2b2209f8 (patch) | |
tree | 99f670e9265378da029377071db9c86d43a13faf /doc/design/assistant/gpgkeys.mdwn | |
parent | afa0d5c0d18f6f69ffbc55c26edde47b0c9ce949 (diff) |
roadmap for next year's work
Diffstat (limited to 'doc/design/assistant/gpgkeys.mdwn')
-rw-r--r-- | doc/design/assistant/gpgkeys.mdwn | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/design/assistant/gpgkeys.mdwn b/doc/design/assistant/gpgkeys.mdwn new file mode 100644 index 000000000..582082f2e --- /dev/null +++ b/doc/design/assistant/gpgkeys.mdwn @@ -0,0 +1,24 @@ +Currently the assistant sets up a shared encryption key, which is checked +into git, so anyone who gets the repository can decrypt files that are +stored encrypted on special remotes. + +To support using gpg keys in the assistant, we need two things: + +1. Help user set up a gpg key if they don't have one. This could be a + special-purpose key dedicated to being used by git-annex. It might be + nice to leave the user with a securely set up general purpose key, + but that would certianly preclude prompting for its password in the + webapp. Indeed, the password prompt is the main problem here. + Best solution would be to get gpg agent working on all supported + platforms. +2. Help user learn the gpg keys of people they want to share their repo + with, and give them access. If the public key was recorded in the git-annex + branch, this could be easily determined when sharing repositories with + friends. Or, use MonkeySphere.. + +----- + +Another gpg key security thing is that currently git-annex stores +crypto creds in memory while it's running. Should use locked memory. See +<https://github.com/vincenthz/hs-securemem> and +<https://github.com/vincenthz/hs-securemem/issues/1> |