Re: problem on windows XP
From: Shachar S. <rsy...@sh...> - 2006-06-23 14:33:49
Julian Pace Ross wrote:

> Hi again Shachar,
>
> If I am encrypting files that do not already exist on the dst dir, but
> the aes symmetric key for that file does exist in the keysdir (since
> this file was already encrypted before, but simply deleted from the dst
> dir), is the same symmetric key already available in keysdir used anyway?

Yes.

> Also, if I understood well, once the RSA key is used to create the
> symmetric key, then the RSA key is never used for simple updates of
> the file (since the symmetric key is used directly). How much does
> this speed up the process?

It doesn't. For one thing, each file is encrypted independently of the previous time it was encrypted. Only the symmetric key is used. As such, while we save on generating a new symmetric key, we do still encrypt it using RSA. Another aspect is that the RSA encryption takes a negligible part of the time it takes to actually encrypt the file.

> Also I realised that if a file is changed slightly, and the aes key in
> the keysdir is deleted, running an encryption will recreate the key
> file in keysdir.

The symmetric key is only extracted during decryption, and only if it's not already available. The answer to your question is "you understood incorrectly".

> Since this recreated key is the same key encrypted in the file,
> wouldn't the private key be needed to recreate the unencrypted aes key
> in keys dir?

If your statement above were true, then yes.

> Or is a new key generated from scratch when this happens?

Yes.

> Next question..... the man page refers to a gzip file that performs
> null compression by redirecting the I/O to cat. I can't seem to find
> the file in the source tgz... but my real question is: Is this
> possible on Windows?

The nullgzip was mostly used for testing purposes. At some point, to make working with CVS faster, I moved all the testing infrastructure into a different CVS branch. Unfortunately, I never got around to releasing it properly. If memory serves me correctly, it had a Windows version of the null gzip as well (the Unix version was just a tiny shell script).

> Is it possible to bypass compression entirely?

Using null gzip it is. I highly recommend against it, however. Rsyncrypto already reduces the strength of the encryption when compared with the standard AES/CBC method. Making the compressed input a low entropy one introduces uncertainties that I would rather not sign my name on.

> And finally, do you take any precautionary measures to prevent your
> clients from choosing wrong dirs, keys etc.. thus generating
> segmentation faults?

Mostly, my clients either get me to install the system for them. A GUI wrapper is in development, but due to my health situation, that has been delayed.

> Hopefully this will be my last barrage of 'rsyncrypto newbie'
> questions...
>
> Thanks once again
> Julian
> PS I don't know if you got the email below late yesterday...
>
> OK, I understand... however not too sure about the syntax.. (can I use
> the gzip.exe that came with the rsyncrypto for Windows?)
>

Yes, but you need to make sure it receives the correct parameters, probably through a wrapper. Unfortunately, I'm not aware of an easy way to do that in Windows. In Unix, you could write a tiny shell script.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html