Re: metadata
Brought to you by:
thesun
Menu
▾
▴
Re: metadata
|
From: Tom M. <tme...@vl...> - 2005-08-23 20:52:50
|
Shachar Shemesh wrote:
> If the third argument is a name of a non-existing file, then
> rsyncrypto assumes that this is the first time such a file is
> encrypted, and will create the symmetric key file. This is so that
> future encryption will be able to use the same encryption parameters,
> and thus create a file that is similar.
> [...]
> Now let's talk about decryption. One is "warm restore", where you
> still have the symmetric key file for the file you are trying to
> decrypt. If that's the case, you still need to provide the (RSA
> assymetric) public key. This is mostly for the technical reason that
> rsyncrypto needs to know how big the encrypted symmetric key is in the
> file, and this depends on the size of the public key. We could save it
> in the unencrypted key, but as you should never ever lose the private
> key, much less the public key, this did not seem like a big enough
> trouble to justify the extra work. Also, this gives rsyncrypto a
> consistant command line across all invocations.
Your comments above, as well as this:
--fk, --fr
If command line, or a version with different defaults, dictate
different values for the --roll-* options or the -b option,
these will only affect files for which keyfile does not yet
exist. specifying the --fk or --fr will recreate keyfile if it
has values different than those in the previous key file.
from the man page, plus your comments about storing encrypted file
names, suggests that there is a need for richer meta data storage in the
destination file.
It also suggests that the symmetric key files really want to be more
than just keys, but instead a collection of meta data needed to
reproduce an identical encrypted file (if the source data doesn't change).
Have you looked at any existing schemes for storing file meta data, such
as zip or gzip file headers? There may be value in co-opting one of those.
Another issue to consider is how much, if any, of the meta data should
be encrypted (when part of the destination file)? Even though requiring
the private key in order to access it may be inconvenient, probably
makes sense to encrypt everything.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: https://www.linkedin.com/e/fps/3452158/
|