summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/design/encryption.mdwn9
-rw-r--r--doc/encryption.mdwn7
2 files changed, 12 insertions, 4 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn
index b7acbb732..45eb43cc9 100644
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@@ -59,10 +59,11 @@ for each file in the repository, contact the encrypted remote to check
if it has the file. This can be done without enumeration, although it will
mean running gpg once per file fscked, to get the encrypted filename.
-So, the files stored in the remote should be encrypted. But, it needs
-to be a repeatable encryption, so they cannot just be gpg encrypted,
-that would yeild a new name each time. Instead, HMAC is used. Any hash
-could be used with HMAC; currently SHA1 is used.
+So, the files stored in the remote should be encrypted. But, it needs to
+be a repeatable encryption, so they cannot just be gpg encrypted, that
+would yeild a new name each time. Instead, HMAC is used. Any hash could
+be used with HMAC. SHA-1 is the default, but [[other_hashes|/encryption]]
+can be chosen for new remotes.
It was suggested that it might not be wise to use the same cipher for both
gpg and HMAC. Being paranoid, it's best not to tie the security of one
diff --git a/doc/encryption.mdwn b/doc/encryption.mdwn
index cc61fea6f..5349e8c7a 100644
--- a/doc/encryption.mdwn
+++ b/doc/encryption.mdwn
@@ -21,6 +21,13 @@ If you want to use encryption, run `git annex initremote` with
Typically, you will say "encryption=2512E3C7" to use a specific gpg key.
Or, you might say "encryption=joey@kitenet.net" to search for matching keys.
+The default MAC algorithm to be applied on the filenames is HMACSHA1. A
+stronger one, for instance HMACSHA512, one can be chosen upon creation
+of the special remote with the option `mac=HMACSHA512`. The available
+MAC algorithms are HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384, and
+HMACSHA512. Note that it is not possible to change algorithm for a
+non-empty remote.
+
The [[encryption_design|design/encryption]] allows additional encryption keys
to be added on to a special remote later. Once a key is added, it is able
to access content that has already been stored in the special remote.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 11:07:55 +0000