[tahoe-dev] encryption/decryption keys
zooko
zooko at zooko.com
Fri Aug 22 09:42:54 PDT 2008
Welcome, Lauricarge.

> 1. Who generates the file encryption key? The gateway or some of the nodes?
> Which? Where is the key saved? On the same file system with the
> encrypted part of the file or on any detachable device (USB flash)?
> 2. Who does the decryption key generation? How will the key be generated?
> 3. How will the decrypted file be protected during download? HTTPS
> or ...?

The encryption key and the decryption key are the same (symmetric
encryption), and the key is stored inside the file capability to an
immutable file.

The key is generated by the node which uploads the immutable file to
the grid, which would be the gateway as described in about.html:

http://allmydata.org/source/tahoe/trunk/docs/about.html

A decrypted file would be protected during download from the gateway
to the web client either by HTTPS or because the gateway runs on the
same localhost as the client. :-) Or else the decrypted file could
be transferred unprotected over HTTP during download, if protecting
it at that step isn't necessary.

Hopefully this paper will also shed light on such questions:

http://allmydata.org/~zooko/lafs.pdf

Regards,

Zooko
---
http://allmydata.org -- Tahoe, the Least-Authority Filesystem
http://allmydata.com -- back up all your files for $5/month
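
Because the key is stored inside the file capability, a capability string that ends up in a log or URL history is a leaked decryption key. The following is an added example, not part of the original message or the Tahoe code base: it parses an immutable-file read capability and redacts the key field from log text. It assumes the `URI:CHK:<key>:<hash>:<needed>:<total>:<size>` layout with unpadded lowercase base32 fields; the function names and all sample values are constructed for illustration.

```python
import base64
import re

# Assumed layout: URI:CHK:<key>:<ueb_hash>:<needed>:<total>:<size>,
# with key (16 bytes) and hash (32 bytes) in unpadded lowercase base32.
CHK_RE = re.compile(
    r"URI:CHK:([a-z2-7]{26}):([a-z2-7]{52}):(\d+):(\d+):(\d+)")


def b32_nopad_decode(text):
    """Decode unpadded lowercase base32 by restoring the padding."""
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


def b32_nopad_encode(data):
    """Encode bytes as unpadded lowercase base32."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def parse_chk(cap):
    """Split a read capability into its fields; the first one is the key."""
    m = CHK_RE.fullmatch(cap.strip())
    if m is None:
        raise ValueError("not an immutable-file read capability")
    return {
        "key": b32_nopad_decode(m.group(1)),
        "ueb_hash": b32_nopad_decode(m.group(2)),
        "needed": int(m.group(3)),
        "total": int(m.group(4)),
        "size": int(m.group(5)),
    }


def redact_caps(text):
    """Blank the key field of every capability found in free text."""
    return CHK_RE.sub(
        lambda m: "URI:CHK:[KEY-REDACTED]:" + ":".join(m.group(2, 3, 4, 5)),
        text)


# Constructed sample values, not a real capability.
SAMPLE_KEY = bytes(range(16))
SAMPLE_CAP = "URI:CHK:%s:%s:3:10:4096" % (
    b32_nopad_encode(SAMPLE_KEY), b32_nopad_encode(bytes(32)))
SAMPLE_LOG = "2008-08-22 09:40:01 GET /uri/" + SAMPLE_CAP + " 200"

if __name__ == "__main__":
    print("key bytes recovered from the cap:", parse_chk(SAMPLE_CAP)["key"].hex())
    print(redact_caps(SAMPLE_LOG))
```

The redacted line keeps the hash and encoding parameters, so a log entry can still be correlated with a file without granting read access.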