Hi all,
Inspired by Tink keysets, is there an interest in supporting similar functionality within the cryptography library?
It would be an upgrade over MultiFernet, where each key would have a unique key_id, and encrypted data would contain the info about which key was used to encrypt the data (as a prefix?), so that for decryption would need to go through all of the keys to find out which key was used to encrypt it.
Also it would support standard operations:
- add a key to the keyset
- remove the key from the keyset
- promote the key to be the primary (used for encryption, all other keys in the keyset are used for decryption only).
Might even support enabled/disabled keys, so that the key is first disabled before deletion, in case there is still some encrypted data with it.
If there is an interest and this feature would be welcome, I am happy to discuss it further and put up a PR for this :)
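A sketch of the keyset described in this post, built on the existing `Fernet` class. This is an added example, not code from the post or from the cryptography library; the `FernetKeyset` class, its method names, and the `<8 hex digits>.` prefix format are all assumptions made for illustration.

```python
import secrets
from cryptography.fernet import Fernet, InvalidToken

class FernetKeyset:
    """Hypothetical keyset: token = b"<8 hex digit key_id>." + Fernet token."""
    def __init__(self):
        self._keys = {}          # key_id -> [Fernet, enabled]
        self.primary_id = None   # the only key used for encryption

    def add(self, key: bytes) -> int:
        key_id = secrets.randbits(32)
        while key_id in self._keys:      # ids must be unique within the keyset
            key_id = secrets.randbits(32)
        self._keys[key_id] = [Fernet(key), True]
        if self.primary_id is None:
            self.primary_id = key_id
        return key_id

    def promote(self, key_id: int) -> None:
        if not self._keys[key_id][1]:
            raise ValueError("cannot promote a disabled key")
        self.primary_id = key_id

    def set_enabled(self, key_id: int, enabled: bool) -> None:
        if key_id == self.primary_id and not enabled:
            raise ValueError("promote another key before disabling the primary")
        self._keys[key_id][1] = enabled

    def remove(self, key_id: int) -> None:
        if key_id == self.primary_id or self._keys[key_id][1]:
            raise ValueError("only a disabled, non-primary key can be removed")
        del self._keys[key_id]

    def encrypt(self, data: bytes) -> bytes:
        if self.primary_id is None:
            raise ValueError("empty keyset")
        return b"%08x." % self.primary_id + self._keys[self.primary_id][0].encrypt(data)

    def decrypt(self, token: bytes) -> bytes:
        prefix, _, body = token.partition(b".")
        try:
            key_id = int(prefix, 16)
            fernet, enabled = self._keys[key_id]
        except (KeyError, ValueError):
            raise InvalidToken from None
        # Prefix is unauthenticated: altering it selects a key whose HMAC check fails.
        if not enabled or prefix != b"%08x" % key_id:
            raise InvalidToken
        return fernet.decrypt(body)
```

Decryption does a single dictionary lookup on the prefix, and a disabled key rejects tokens until it is re-enabled, which gives a reversible step before `remove`.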