Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support encrypting an entire file. #35

Open
ChrisCoffey opened this issue Aug 26, 2019 · 0 comments
Open

Support encrypting an entire file. #35

ChrisCoffey opened this issue Aug 26, 2019 · 0 comments
Assignees
@ChrisCoffey

Comments

@ChrisCoffey
Copy link
Contributor

This should follow the algorithm here https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html, but with some confcrypt conventions. The gist of it is:

  1. Introduce a new command group large that supports read and encrypt
  2. read should create an unencrypted file with the final .econf extension stripped
  3. encrypt generates a new confcrypt file with an extra .econf extension added on
  4. In an encrypted file, the encrypted key is stored in the KEY parameter, while the data is stored in FILE. This is a convention expected and enforced by confcrypt.

And there we go, that should provide whole-file encryption.
@ChrisCoffey ChrisCoffey self-assigned this Aug 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ChrisCoffey ChrisCoffey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ChrisCoffey