summaryrefslogtreecommitdiff
path: root/doc/encryption.mdwn
diff options
context:
space:
mode:
authorGravatar Joey Hess <joeyh@joeyh.name>2016-05-10 16:50:31 -0400
committerGravatar Joey Hess <joeyh@joeyh.name>2016-05-10 16:50:31 -0400
commitac0b9506f2e38692b2a4e895f3c59d2d37a6886d (patch)
treea47285a6db28a08a42e9b4528c7ee9dc010e2908 /doc/encryption.mdwn
parent07b1aa343b6d82e8f75de606a5647b0a789f76e0 (diff)
Added new encryption=sharedpubkey mode for special remotes.
This is useful for makking a special remote that anyone with a clone of the repo and your public keys can upload files to, but only you can decrypt the files stored in it.
Diffstat (limited to 'doc/encryption.mdwn')
-rw-r--r--doc/encryption.mdwn29
1 files changed, 23 insertions, 6 deletions
diff --git a/doc/encryption.mdwn b/doc/encryption.mdwn
index bf6a9a229..311511510 100644
--- a/doc/encryption.mdwn
+++ b/doc/encryption.mdwn
@@ -23,8 +23,9 @@ to disable encryption. To use encryption, you run
* `git annex initremote newremote type=... encryption=hybrid keyid=KEYID ...`
* `git annex initremote newremote type=... encryption=shared`
* `git annex initremote newremote type=... encryption=pubkey keyid=KEYID ...`
+* `git annex initremote newremote type=... encryption=sharedpubkey keyid=KEYID ...``
-## hybrid encryption keys
+## hybrid encryption keys (encryption=hybrid)
The [[hybrid_key_design|design/encryption]] allows additional
encryption keys to be added on to a special remote later. Due to this
@@ -53,7 +54,7 @@ probably to replace a revoked key:
See also [[encryption_design|design/encryption]] for other security
risks associated with encryption.
-## shared encryption key
+## shared encryption key (encryption=shared)
Alternatively, you can configure git-annex to use a shared cipher to
encrypt data stored in a remote. This shared cipher is stored,
@@ -66,7 +67,7 @@ The advantage is you don't need to set up gpg keys. The disadvantage is
that this is **insecure** unless you trust every clone of the git
repository with access to the encrypted data stored in the special remote.
-## regular public key encryption
+## regular public key encryption (encryption=pubkey)
This alternative simply encrypts the files in the special remotes to one or
more public keys. It might be considered more secure due to its simplicity
@@ -88,9 +89,25 @@ key has to be kept around to be able to decrypt those files.
that the key has been compromised, it is **insecure** to leave files
encrypted using that old key, and the user should re-encrypt everything.)
-(Because filenames are MAC'ed, a cipher still needs to be
-generated (and encrypted to the given key IDs). It is only used for MHAC
-encryption of filenames.)
+(A cipher still needs to be generated (and is encrypted to the given key IDs).
+It is only used for HMAC encryption of filenames.)
+
+## regular public key encryption with shared filename encryption (encryption=sharedpubkey)
+
+This is a variation on encryption=pubkey which lets anyone who
+has access to the gpg public keys store files in the special remote.
+But, only owners of the corresponding private keys can retrieve the files
+from the special remote.
+
+ git annex initremote newremote type=... [encryption=hybrid] keyid=KEYID ...
+
+This might be useful if you want to let others drop off files for you in a
+special remote, so that only you can access them.
+
+The filenames used on the special remote are encrypted using HMAC,
+which prevents the special remote from seeing the filenames. But, anyone
+who can clone the git repository can access the HMAC cipher; it's stored
+**unencrypted** in the git repository.
## MAC algorithm