Opened 8 years ago

Last modified 8 years ago

#230 new enhancement

zcrypt: Key file path discovery in message comment

Reported by: geofft@mit.edu Owned by:
Priority: minor Milestone:
Component: zephyr Keywords:
Cc:

Description

It'd be pretty nifty to allow provisioning a zcrypt class by saying "sub to this class", and having the first message to that class specify what key file to use. We could put a header before BEGIN PGP MESSAGE that included the path to the key. Then you could just tell people "sub to this class", and not require them to mess with .crypt-table manually (and instead update that file automatically).

In general, leaking the key path is not a concern, since filesystem ACLs protect the key itself. (We probably want to not do this by default, still and make this an advertise option.)

One possible area of concern, although unlikely, is that it should be easy to recover from someone sending a message there with an intentionally-wrong key path.

Change History (1)

comment:1 Changed 8 years ago by adehnert@mit.edu

  • Component changed from internals to zephyr
Note: See TracTickets for help on using tickets.