Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option for verifiable publish/import #92

Closed
maxzinkus opened this issue Mar 2, 2023 · 6 comments · Fixed by #127 or #135
Closed

Add option for verifiable publish/import #92

maxzinkus opened this issue Mar 2, 2023 · 6 comments · Fixed by #127 or #135
Assignees
@maxzinkus
Labels
enhancement New feature or request

Comments

@maxzinkus
Copy link
Collaborator

I plan to add this as an optional feature on publish & import.

publish creates a compressed archive, and import unpacks it into a ~/.macpine VM directory.

Adding verifiability to this process would allow for:

  • trustworthy sharing of imported VMs
  • encrypted & authenticated backups of VMs

age is a modern file-based authenticated-encryption tool written by a renown author in the cryptography community.

age can encrypt & authenticate:

  • symmetrically, with a password
  • asymmetrically, to an age-keygen-generated public key, or to an ssh-keygen ssh public key

Symmetric encryption can be used for secure backups or ease-of-use in verifiable sharing. Asymmetric encryption can be used to encrypt VMs to a specified recipient, including by using their publicly-listed GitHub SSH keys (example: https://github.com/maxzinkus.keys).
This was referenced Mar 2, 2023
Closed
Closed
@maxzinkus
Copy link
Collaborator Author

TODO @maxzinkus: import age as a Go mod rather than system dep, and call it programmatically instead of using exec. Refer to FiloSottile/age#436

@maxzinkus maxzinkus self-assigned this Apr 1, 2023
@maxzinkus maxzinkus added the enhancement New feature or request label Apr 1, 2023
@maxzinkus maxzinkus added the in progress Issue is in the process of being resolved label Apr 11, 2023
@maxzinkus
Copy link
Collaborator Author

@idroz once I have time to wrap this one up, maybe it could be time for v0.11 -- and maybe a round of hackernews / reddit / etc postings! I imagine the traffic is positive for your company and the new features are pretty fun and improve user QoL, so they could draw even more traction :)

@idroz
Copy link
Collaborator

idroz commented Apr 19, 2023

I was thinking of doing a tightening up of the docs/adding some fun examples and doing the 0.11 release with features as they are now :) With the API stabilising and verifiable publish/import it may be time to put a roadmap together for 1.0 release?

Certainly hn/reddit awareness round would be good and I can put that together once 0.11 is out!

@maxzinkus
Copy link
Collaborator Author

#127 is ready for review!

@maxzinkus maxzinkus linked a pull request Apr 20, 2023 that will close this issue
Add age-encrypted publish/import #127
Merged
@maxzinkus maxzinkus removed the in progress Issue is in the process of being resolved label Apr 20, 2023
@maxzinkus maxzinkus mentioned this issue Apr 20, 2023
Merged
@maxzinkus
Copy link
Collaborator Author

and- sounds good. I don't have any other API-level ideas or changes in the near term :)

@maxzinkus maxzinkus reopened this Apr 23, 2023
@maxzinkus maxzinkus mentioned this issue Apr 23, 2023
Merged
@maxzinkus
Copy link
Collaborator Author

@idroz I messed up and accidentally merged this PR (#127) while trying to re-synchronize other changes to main into it. I tried to revert it (#134) but that seems to have made even more of a mess.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maxzinkus maxzinkus

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
2 participants
@maxzinkus @idroz