Opened 11 years ago
Last modified 11 years ago
#229 new defect
zcrypt: Options support, and some common enhancements
| Reported by: | geofft@mit.edu | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | zephyr | Keywords: | |
| Cc: |
Description
(Filing this as a single ticket, since the mechanism for enhancements blocks the enhancements themselves.)
I've seen two issues complained about regarding zcrypt recently: people want the option of encrypting instances, and of disabling an accidental zwrite to a class. These shouldn't be on by default, though.
I propose that we extend the existing .crypt-table syntax to support something like
crypt-geofft: AES:/mit/geofft/zcrypt.key options-geofft: instances onlycrypt
This is backwards-compatible with existing zcrypt implementations, and extensible.
I also propose these two features for inclusion. onlycrypt would make zwrite -c geofft silently behave as zcrypt -c geofft (or error, perhaps?). instances would encrypt and decrypt the instance somehow; I'm not sure off-hand what crypto I would propose, though (but presumably something deterministic and with at most the class name as IV).
Change History (2)
comment:1 Changed 11 years ago by adehnert@mit.edu
- Component changed from internals to zephyr
It would be nice to have some theory for how to handle options with a value. "key=value" seems fine, and seems somewhat unlikely to break horribly however this gets implemented.