Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted files are not self-contained #211

Open
C0rby opened this issue Aug 17, 2020 · 11 comments
Open

Encrypted files are not self-contained #211

C0rby opened this issue Aug 17, 2020 · 11 comments

Comments

@C0rby
Copy link
Contributor

C0rby commented Aug 17, 2020

Not all information that are relevant for verifying the integrity of the encrypted file blocks are stored within the files. The file versions are stored in the database instead. Due to this you have to backup the database in addition to the encrypted files and the key material to be able to properly decrypt the files again. This design decision can also lead to a loss of integrity when a database restore is required as the file versions within the database may not match the files on disk anymore.
@mmattel
Copy link
Contributor

mmattel commented Dec 4, 2020

Do you have an idea for a solution ?

@C0rby
Copy link
Contributor Author

C0rby commented Dec 4, 2020

One option is to add the file version to the encrypted file header.

@mmattel
Copy link
Contributor

mmattel commented Dec 4, 2020

Adding @micbar, maybe this of interest

@mmattel
Copy link
Contributor

mmattel commented Feb 12, 2021

@karakayasemi you have/gained a lot of experiences, maybe you have an idea 😃

@karakayasemi
Copy link
Contributor

@mmattel as @C0rby said, we can add this information to header. But, again we need to think about a solution for the old files.

We can first try to read file version from the header first, if we do not find in there, we can check from database.

@mmattel
Copy link
Contributor

mmattel commented Feb 16, 2021

good idea, could be combined with #224. When rewritten, add to header, remove from db...

@C0rby
Copy link
Contributor Author

C0rby commented Feb 16, 2021

@mmattel as @C0rby said, we can add this information to header. But, again we need to think about a solution for the old files.

We can first try to read file version from the header first, if we do not find in there, we can check from database.

I think this is the way to go.

When rewritten, add to header, remove from db...

The backend still needs the version field in the DB IIRC.

@karakayasemi
Copy link
Contributor

good idea, could be combined with #224. When rewritten, add to header, remove from db...

We can not combine with #224. It needs complete rewrite of the file with binary encoding.

@mmattel
Copy link
Contributor

mmattel commented Mar 5, 2021

@karakayasemi any news on that?

@mmattel
Copy link
Contributor

mmattel commented Mar 15, 2021

I regulary ping that issue... 😅

@yahesh
Copy link

yahesh commented Jul 19, 2023

Not all information that are relevant for verifying the integrity of the encrypted file blocks are stored within the files. The file versions are stored in the database instead. Due to this you have to backup the database in addition to the encrypted files and the key material to be able to properly decrypt the files again. This design decision can also lead to a loss of integrity when a database restore is required as the file versions within the database may not match the files on disk anymore.

I'm flattered by this verbatim quote of my paper. The whole text and additional improvements can be found in the whole document: https://eprint.iacr.org/2020/1439

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@yahesh @mmattel @C0rby @karakayasemi