-
-
Notifications
You must be signed in to change notification settings - Fork 831
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ENG-440, ENG-366] Header format improvements & crypto refactor #610
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
locking the key manager will protect all mounted keys now
ENG-440 Encrypted header upgrades
Currently, we have some versioning in place for our encrypted headers. It is not robust, nor is it (too) easy to update to a new version. These changes should completely resolve that issue - and more. I plan to use The plan is subject to change, and it will be entirely incompatible with our current header format - but hopefully any future changes will be extremely easy to implement (and won't break previous versions). I am also going to make the header objects extremely generic, and we can add new specific types as we please. The current preview media and metadata objects will be dropped in favor of this design. ENG-366 Crypto UX overhaul
The UX of our crypto system isn't the most ideal. It's littered with confusing terminology, unnecessary actions and isn't the easiest for the everyday user to understand. I have a series of changes that will bring it to the next level:
|
This PR adds encrypted file headers, advanced versioning and schemas (built on top of
bincode
).We use:
Header metadata and preview media objects have been scrapped entirely for a new, generic object-based system (with enum type tagging).
We write the header's size, and then the header itself to the stream - I don't know if this is required at all. There's a high probability that
bincode
will handle it just fine, so I may drop this.We do need a better way to interface with the header objects directly, and we need the functionality to add/remove keyslots from the header (and update it, but that's the easy part). We should also probably limit the total size of the header objects, as there's no limit (there's only a limit on the amount of objects).
This PR breaks quite a lot of the current encryption/decryption features, but most of that is going to change anyway with the UX work that's planned so it's not major at all.