diff options
author | 2016-03-12 12:57:18 -0400 | |
---|---|---|
committer | 2016-03-12 12:57:18 -0400 | |
commit | ca10c06819aacc50d4423836ce51fc4486803789 (patch) | |
tree | e96072aef36f12d28d715fd4b7396d3fea4eef4c /doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment | |
parent | 024dd384140b25f69defd762e41fd5e4af4f3567 (diff) |
rename files containing :
This is mostly to let the repo check out on windows w/o using cygwin's git.
But, bash completion is also crap with : , so ..
Diffstat (limited to 'doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment')
-rw-r--r-- | doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment b/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment new file mode 100644 index 000000000..0e2f5e3ba --- /dev/null +++ b/doc/todo/feature_request__58___pubkey-only_encryption_mode/comment_1_684d36c06429306be68fd60019564db3._comment @@ -0,0 +1,23 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2015-03-31T19:37:20Z" + content=""" +When you use encryption=pubkey, the symmetric key that is used for +HMAC encryption of filenames is encrypted using your gpg private key. +The contents of files are also encrypted using your gpg private key +(not using the symmetric key; that mode is encryption=hybrid). + +So, with encryption=pubkey, all that can be done with that symmetric key is +to HMAC encrypt filenames and try to find results that match the HMACed +filenames used on the remote. So, if you don't care about filenames +leaking, you could publish that symmetric key with no bad effects. Its +security is not important to you based on what you've said. + +But again, that symmetric key is encrypted with your gpg private key. +The only way to decrypt it would be to break your gpg key somehow. In which +case you have big problems. But not ones caused by the existence of the +symmetric key. + +So, I see no benefit to the suggested mode. +"""]] |