Opened 9 years ago

Last modified 8 years ago

#229 new defect

zcrypt: Options support, and some common enhancements

Reported by: geofft@mit.edu Owned by:
Priority: major Milestone:
Component: zephyr Keywords:
Cc:

Description

(Filing this as a single ticket, since the mechanism for enhancements blocks the enhancements themselves.)

I've seen two issues complained about regarding zcrypt recently: people want the option of encrypting instances, and of disabling an accidental zwrite to a class. These shouldn't be on by default, though.

I propose that we extend the existing .crypt-table syntax to support something like

crypt-geofft: AES:/mit/geofft/zcrypt.key
options-geofft: instances onlycrypt

This is backwards-compatible with existing zcrypt implementations, and extensible.

I also propose these two features for inclusion. onlycrypt would make zwrite -c geofft silently behave as zcrypt -c geofft (or error, perhaps?). instances would encrypt and decrypt the instance somehow; I'm not sure off-hand what crypto I would propose, though (but presumably something deterministic and with at most the class name as IV).

Change History (2)

comment:1 Changed 8 years ago by adehnert@mit.edu

  • Component changed from internals to zephyr

comment:2 Changed 8 years ago by adehnert@mit.edu

It would be nice to have some theory for how to handle options with a value. "key=value" seems fine, and seems somewhat unlikely to break horribly however this gets implemented.

Note: See TracTickets for help on using tickets.