author    Joey Hess <joey@kitenet.net>  2011-04-16 19:30:31 -0400
committer Joey Hess <joey@kitenet.net>  2011-04-16 19:35:02 -0400
commit    d2e74efdb2e5b819d5c56f167291b006badd94cb
tree      e9dea4bcec8519f77b244c0c018b7bec919743cd /doc/design
parent    1247bfeaa7356e766d3ea09fa50bd300650f78af
document encryption
Diffstat (limited to 'doc/design')
-rw-r--r--  doc/design/encryption.mdwn | 37
1 file changed, 2 insertions, 35 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn
index 915eee1a1..5a4bc8bbd 100644
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@@ -1,15 +1,5 @@
-git-annex mostly does not use encryption. Anyone with access to a git
-repository can see all the filenames in it, its history, and can access
-any annexed file contents.
-
-Encryption is needed when using [[special_remotes]] like Amazon S3, where
-file content is sent to an untrusted party who does not have access to the
-git repository.
-
-Such an encrypted remote uses strong encryption on the contents of files,
-as well as the filenames. The size of the encrypted files, and access
-patterns of the data, should be the only clues to what type of is stored in
-such a remote.
+This was the design doc for [[encryption]] and is preserved for
+the curious.
[[!toc]]
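Review bot: The two replacement lines drop the only statement of the encrypted remote's threat model (file contents and filenames encrypted; file sizes and access patterns still visible to the storage provider), so that property needs to be present on the [[encryption]] page the new text points to before this design page is demoted to a note "for the curious"; otherwise nothing on the page says what an untrusted host such as S3 can still learn. If the paragraph is moved rather than rewritten, fix the typo in the removed sentence ("what type of is stored") on the way.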
@@ -20,29 +10,6 @@ should be a way to tell what backend is responsible for a given filename
in an encrypted remote. (And since special remotes can also store files
unencrypted, differentiate from those as well.)
-At a high level, an encryption backend needs to support these operations:
-
-* Create a new encrypted cipher, or update the cipher. Some input
- parameters will specifiy things like the gpg public keys that
- can access the cipher.
-
-* Initialize an instance of the encryption backend, that will use a
- specified encrypted cipher.
-
-* Given a key/value backend key, produce and return an encrypted key.
-
- The same naming scheme git-annex uses for keys in regular key/value
- [[backends]] can be used. So a filename for a key might be
- "GPG-s12345--armoureddatahere"
-
-* Given a streaming source of file content, encrypt it, and send it in
- a stream to an action that consumes the encrypted content.
-
-* Given a streaming source of encrypted content, decrypt it, and send
- it in a stream to an action that consumes the decrypted content.
-
-* Clean up.
-
The rest of this page will describe a single encryption backend using GPG.
Probably only one will be needed, but who knows? Maybe that backend will
turn out badly designed, or some other encryptor needed. Designing
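Review bot: Removing the operations list also removes the one concrete example of an encrypted key name ("GPG-s12345--armoureddatahere"), while the unchanged context above the hunk still requires a way to tell from a filename which backend is responsible and whether the file is encrypted at all; the page now states that requirement with nothing illustrating it. Keep the key-naming line, or say in the remaining paragraph where the naming scheme is now specified.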