New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go implementation #13
Comments
❤️ I am a huge fan of NaCl, and quite wary of the PKCS standards. |
djb 💯 |
I added manpages which are installed with the debian package and vendored with the rubygem (unfortunately rubygems can't install manpages globally). |
What happens if you try to encrypt: "_starts_with_an_underscore": {
"no_leading_underscore": "123123123123123123123"
} I'm assuming it does the simple thing, and encrypts the value anyways, I'm just wondering if that's the nicest behaviour or if it should at least be documented? |
@eapache it's not in the manpage, but it is in README.md: https://github.com/Shopify/ejson/tree/go-impl#format (see point 6). I'll add it to ejson.5. |
(I want to err on the side of encrypting too much rather than too little, so this is the behaviour I want, though I'm open to argument on that point) |
👍 to explanation and documenting it |
Also fun: http://shopify.github.io/ejson/ |
@burke any plans to add schemas to the Go version? |
Yeah, but I plan to do that in a separate codebase, probably just a gem that plugs in to rails. There's no reason that bit has to clutter the ejson codebase. |
|
|
Actually, I think it's unreasonable to prevent traversal here: The only input value is the keydir, which is allowed to be anywhere on the system. I made the other two changes. |
The other input is the key; is there an escalation where a user can generate a fake public key to escape the key-dir? |
I don't think so; if they do, they've found a bug in |
|
Also, I really like that the current system preserves the input formatting. Explicit ordering would interfere with semantic grouping, might put I'll try to make the json stuff better, but I don't think there's a better option than the scanner. |
|
|
Lots of minor comments, but on the whole I really like this, 👍 |
|
It is, I think, the only thing keeping the library part here from being cross-platform (making the whole thing cross-platform would also require ripping out the man-page bits). Security-specific discussion has been taken offline. |
I replied to your email, but TL;DR: It's not the hugest of deals but I figured I'd do it right. |
I have no real desire to support this on Windows, so I don't feel too bad about reading from |
I'll take a look at this, this is cool. |
Back to |
To summarize our discussion offline, |
First of all, it's a nicely commented and structured project. Good job! Few comments reading through it:
With this, I'm not sure I'm seeing how schemas could be built on top of it in a reasonable way where everything isn't encrypted? |
|
Also, it's probably worth pointing out that |
...from some unspecified point in the past. Better than something hand-rolled I guess, but still a bit icky. Alas. |
Agree on all counts. |
I'd PR this, but it has no code in common with the previous ruby implementation, so it wouldn't provide a whole lot of value.
Instead, see https://github.com/Shopify/ejson
Highlights:
Makefile
generates rubygem and debian package/opt/ejson/keys
directory contains files named with full public key, containing private key.ejson decrypt
looks up key referenced by ejson file in/opt/ejson/keys
I'll keep poking at this over the next couple of days, but it's basically ready for feedback. The code is pretty well compartmentalized and documented; I don't think it'll be very hard to grok what's going on. Start with
README.md
, thenejson.go
andcmd/ejson/*.go
.Review/cc any combination of: @Shopify/stack, @Shopify/secops. It can easily wait until BFCM if you're busy.
The text was updated successfully, but these errors were encountered: