Investigations into a Random Read and Random Write State Substrate for Keynodes

[CMCDragonkai]

Ideally we would want to be able to change secrets (that is write more secrets to a secret repo, remove secrets from a secret repo, or even change the size of a secret file) randomly without doing linear operations like re-encryption and re-serialisation of archive formats. This may even help secret sharing to be more efficient in the future.

• https://en.wikipedia.org/wiki/Disk_encryption_theory

[CMCDragonkai]

Consider existing secret database tech like sqlite.

[CMCDragonkai]

http://www.ciphersbyritter.com/NEWS4/ECBMODE.HTM

[CMCDragonkai]

These 2 projects use FUSE to mediate between a filesystem in userspace and encrypted backend on disk somewhere. FUSE is interesting because we can offer a standard FS interface to consumers of Polykey secrets. But to be really secure you would have to either use mount namespaces or file descriptors as capabilities to allow specific processes to access secrets.

• https://nuetzlich.net/gocryptfs/comparison/
• https://github.com/timbod7/secretfs

FUSE is not portable to mobile devices.

[MeanMangosteen]

#7 Merged into this issue.