path: root/doc/encryption.mdwn
Diffstat (limited to 'doc/encryption.mdwn')
-rw-r--r-- doc/encryption.mdwn 22
1 files changed, 11 insertions, 11 deletions
diff --git a/doc/encryption.mdwn b/doc/encryption.mdwn
index ecc908463..29cb8a0bc 100644
--- a/doc/encryption.mdwn
+++ b/doc/encryption.mdwn
@@ -17,8 +17,8 @@ remote.
You should decide whether to use encryption with a special remote before
any data is stored in it. So, `git annex initremote` requires you
to specify "encryption=none" when first setting up a remote in order
-to disable encryption. To use encryption, you run
-run `git-annex initremote` in one of these ways:
+to disable encryption. To use encryption, you run
+`git-annex initremote` in one of these ways:
* `git annex initremote newremote type=... encryption=hybrid keyid=KEYID ...`
* `git annex initremote newremote type=... encryption=shared`
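Review bot: the added line spells the command `git-annex initremote`, while the context line two lines above it and both bullets below it use `git annex initremote`. Since this sentence is already being rewritten to drop the doubled "run", pick one spelling for the whole paragraph. The same applies to "encryption=none", which is in plain quotes while the other parameters in this hunk are in backticks.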
@@ -29,12 +29,12 @@ run `git-annex initremote` in one of these ways:
The [[hybrid_key_design|design/encryption]] allows additional
encryption keys to be added on to a special remote later. Due to this
flexibility, it is the default and recommended encryption scheme.
-
+
git annex initremote newremote type=... [encryption=hybrid] keyid=KEYID ...
-Here the KEYID(s) are passed to `gpg` to find encryption keys.
+Here the KEYID(s) are passed to `gpg` to find encryption keys.
Typically, you will say "keyid=2512E3C7" to use a specific gpg key.
-Or, you might say "keyid=joey@kitenet.net" to search for matching keys.
+Or, you might say "keyid=id@joeyh.name" to search for matching keys.
To add a new key and allow it to access all the content that is stored
in the encrypted special remote, just run `git annex
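Review bot: the example "keyid=2512E3C7" in the context line above the changed address is an 8-hex-digit short key ID, and the changed line offers an e-mail address search as the alternative. Both forms can match more than one key in a keyring, and short IDs can collide, so a remote could end up encrypted to a key the user did not intend. Consider showing a full fingerprint as the typical case and adding a sentence telling the reader to confirm which keys gpg matched. Separately, the `-`/`+` pairs on the blank line and on "Here the KEYID(s) are passed..." differ only in whitespace, which would be easier to review in a commit of their own.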
@@ -43,7 +43,7 @@ enableremote` specifying the new encryption key:
git annex enableremote myremote keyid+=788A3F4C
While a key can later be removed from the list, note that
-that will **not** necessarily prevent the owner of the key
+it will **not** necessarily prevent the owner of the key
from accessing data on the remote (which is by design impossible to prevent,
short of deleting the remote). In fact the only sound use of `keyid-=` is
probably to replace a revoked key:
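Review bot: on the added line "it will **not** necessarily prevent the owner of the key", the pronoun "it" has no clear antecedent, since the preceding clause mentions both "a key" and "the list". Because this sentence carries the security caveat of the section, spell it out, for example "note that removing it will **not** necessarily prevent the owner of the key from accessing data on the remote".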
@@ -58,8 +58,8 @@ risks associated with encryption.
Alternatively, you can configure git-annex to use a shared cipher to
encrypt data stored in a remote. This shared cipher is stored,
**unencrypted** in the git repository. So it's shared among every
-clone of the git repository.
-
+clone of the git repository.
+
git annex initremote newremote type=... encryption=shared
The advantage is you don't need to set up gpg keys. The disadvantage is
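Review bot: the only changed lines in this hunk ("clone of the git repository." and the blank line after it) are identical apart from whitespace, while the sentence just above them still reads "This shared cipher is stored, **unencrypted** in the git repository" with an unbalanced comma. If the paragraph is being touched anyway, fix that to "is stored **unencrypted** in the git repository", and consider joining the fragment "So it's shared among every clone" to the previous sentence so the consequence of storing the cipher in the clear reads as one statement.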
@@ -74,10 +74,10 @@ and since it's exactly the way everyone else uses gpg.
git annex initremote newremote type=.... encryption=pubkey keyid=KEYID ...
-A disavantage is that is not easy to later add additional public keys
+A disadvantage is that it is not easy to later add additional public keys
to the special remote. While the `enableremote` parameters `keyid+=` and
`keyid-=` can be used, they have **no effect** on files that are already
-present on the remote. Probably the only use for these parameters is
+present on the remote. Probably the only use for these parameters is
to replace a revoked key:
git annex enableremote myremote keyid-=2512E3C7 keyid+=788A3F4C
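Review bot: the command in the first context line of this hunk has `type=....` with four dots, where every other example in the file uses `type=...`; worth normalising while fixing the "disavantage" typo next to it. The sentence "Probably the only use for these parameters is to replace a revoked key" also repeats the statement made in the hybrid section, so one of the two could refer to the other. The `-`/`+` pair on "present on the remote." differs only in whitespace.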
@@ -94,7 +94,7 @@ generated (and encrypted to the given key IDs).)
## MAC algorithm
The default MAC algorithm to be applied on the filenames is HMACSHA1. A
-stronger one, for instance HMACSHA512, one can be chosen upon creation
+stronger one, for instance HMACSHA512, can be chosen upon creation
of the special remote with the option `mac=HMACSHA512`. The available
MAC algorithms are HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384, and
HMACSHA512. Note that it is not possible to change algorithm for a
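Review bot: the changed sentence now reads correctly, but its neighbours in the same paragraph still need the same grammar pass: "to be applied on the filenames" should be "applied to the filenames", and "it is not possible to change algorithm" is missing an article ("change the algorithm"). Since the paragraph says the choice cannot be changed later, it would also help to state the full option in the context of the command, as in `mac=HMACSHA512` passed to `initremote`, so readers see where it goes before they create the remote.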