| author | Joey Hess <joey@kitenet.net> | 2011-04-16 19:30:31 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2011-04-16 19:35:02 -0400 |
| commit | d2e74efdb2e5b819d5c56f167291b006badd94cb (patch) | |
| tree | e9dea4bcec8519f77b244c0c018b7bec919743cd /doc/design | |
| parent | 1247bfeaa7356e766d3ea09fa50bd300650f78af (diff) | |
document encryption
Diffstat (limited to 'doc/design')
-rw-r--r-- | doc/design/encryption.mdwn | 37 |
1 files changed, 2 insertions, 35 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn index 915eee1a1..5a4bc8bbd 100644 --- a/doc/design/encryption.mdwn +++ b/doc/design/encryption.mdwn @@ -1,15 +1,5 @@ -git-annex mostly does not use encryption. Anyone with access to a git -repository can see all the filenames in it, its history, and can access -any annexed file contents. - -Encryption is needed when using [[special_remotes]] like Amazon S3, where -file content is sent to an untrusted party who does not have access to the -git repository. - -Such an encrypted remote uses strong encryption on the contents of files, -as well as the filenames. The size of the encrypted files, and access -patterns of the data, should be the only clues to what type of is stored in -such a remote. +This was the design doc for [[encryption]] and is preserved for +the curious. [[!toc]] 
@@ -20,29 +10,6 @@ should be a way to tell what backend is responsible for a given filename in an encrypted remote. (And since special remotes can also store files unencrypted, differentiate from those as well.) -At a high level, an encryption backend needs to support these operations: - -* Create a new encrypted cipher, or update the cipher. Some input - parameters will specifiy things like the gpg public keys that - can access the cipher. - -* Initialize an instance of the encryption backend, that will use a - specified encrypted cipher. - -* Given a key/value backend key, produce and return an encrypted key. - - The same naming scheme git-annex uses for keys in regular key/value - [[backends]] can be used. So a filename for a key might be - "GPG-s12345--armoureddatahere" - -* Given a streaming source of file content, encrypt it, and send it in - a stream to an action that consumes the encrypted content. - -* Given a streaming source of encrypted content, decrypt it, and send - it in a stream to an action that consumes the decrypted content. - -* Clean up. - The rest of this page will describe a single encryption backend using GPG. Probably only one will be needed, but who knows? Maybe that backend will turn out badly designed, or some other encryptor needed. Designing |
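Review bot: the first hunk (the `@@ -1,15 +1,5 @@` region) drops the only statement of the threat model, namely that a plain git repository exposes filenames, history and contents, that encryption exists for special remotes such as S3 where content goes to an untrusted party, and that file sizes and access patterns remain the only leak from an encrypted remote. The replacement "This was the design doc for [[encryption]] and is preserved for the curious." is fine as a pointer, but please confirm the [[encryption]] page actually states those three facts (what is protected, against whom, and what still leaks), since a reader who arrives here via the design link otherwise loses them; a one-line summary next to the pointer would also do.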
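Review bot: in the second hunk the retained sentence "The rest of this page will describe a single encryption backend using GPG" now follows directly on the backend-naming paragraph, with the removed list of operations (cipher creation with gpg public keys, key name encryption, streaming encrypt and decrypt, cleanup) gone, so "encryption backend" is no longer defined before it is used; consider rewording that sentence or keeping a short version of the list. The removed bullets also carried two design commitments worth preserving somewhere, that content is encrypted and decrypted as a stream rather than materialized in the clear, and that encrypted key names follow the regular [[backends]] naming scheme (the "GPG-s12345--armoureddatahere" form), so if they are not already on the [[encryption]] page they should move there rather than be deleted.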