Opened 11 years ago

Last modified 11 years ago

#230 new enhancement

zcrypt: Key file path discovery in message comment

Reported by: Owned by:
Priority: minor Milestone:
Component: zephyr Keywords:


It'd be pretty nifty to allow provisioning a zcrypt class by saying "sub to this class", and having the first message to that class specify what key file to use. We could put a header before BEGIN PGP MESSAGE that included the path to the key. Then you could just tell people "sub to this class", and not require them to mess with .crypt-table manually (and instead update that file automatically).

In general, leaking the key path is not a concern, since filesystem ACLs protect the key itself. (We probably want to not do this by default, still and make this an advertise option.)

One possible area of concern, although unlikely, is that it should be easy to recover from someone sending a message there with an intentionally-wrong key path.

Change History (1)

comment:1 Changed 11 years ago by

  • Component changed from internals to zephyr
Note: See TracTickets for help on using tickets.