Open CMCDragonkai opened 2 years ago
I've been looking into encrypted file-format standards, as this will be important for any sort of backup, restore and even export functionality.
Suppose one has to export a PK file, or a set of files to a file on disk, but you want this file to be:
What would be a good file format for this? And something that we would want to natively support in PK instead of expecting users to use PGP or openssl?
Well I had a look at these links:
And here are my conclusions:
tar or zip prior, and therefore compression would also be done prior to any sort of encryption, and of course signature would end up becoming a separate file
I like the idea of simply exporting a PGP file, because it's quite portable, whereas age or minisign would not be as well known.
Need to point out that age and minisign have a nifty ability to use SSH keys to sign or encrypt. Would be cool, that you could end up using another person's SSH key to do it, or PGP key.
It turns out that Bitwarden and 1Password don't support attachments as part of their backup system: https://news.ycombinator.com/item?id=31702594. Kind of interesting, in our case we don't even have attachments at all, everything would be stored in the vault, which then goes to EFS and eventually the js-db.
Specification
Backup & Restore for PK.
PK currently doesn't have a backup and restore system. This is necessary to ensure safe usage of PK.
Currently users can synchronise PK vault state to other PK agents, but this only deals with vaults.
One can dogfood PK backup by keeping PK backups themselves in other PK vaults. Thus using PK as a "backup" system.
However PK vaults are not optimised for large files atm due to EFS issues, so this is not recommended yet.
Backup
.zip archive, zip is better than tar because:
pk backup
${nodePath}/backups to keep track of a list of backups that exist, this can be useful to help solve #287
Restore
pk restore
Not sure if they should be part of a new domain of subcommands or top level commands. It seems restoring has complexities due to existing agent or completely new agent state, and whether the root key is preserved.
Additional context
#287 - schema migration should make use of this feature to ensure its schema migration is safe
Tasks
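
The ordering described in the issue (compress first, encrypt afterwards, signature kept as a separate file), as an added example that is not part of the original issue or PK's code. AES-256-GCM, Ed25519, the byte layout and all function names are assumptions chosen so it runs on Node's built-in modules; they stand in for whichever format (PGP, age, minisign) ends up being used.

```javascript
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// Constructed sample data standing in for an exported vault.
const sampleExport = Buffer.from('{"vault":"demo","secret":"placeholder"}\n'.repeat(200));

// AES-256-GCM is a stand-in cipher (assumption).
// Hypothetical layout: nonce (12 bytes) | auth tag (16 bytes) | ciphertext.
function encrypt(bytes, key) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(bytes), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function decrypt(sealed, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Order discussed in the issue: compress first, then encrypt.
const sealBackup = (plain, key) => encrypt(zlib.gzipSync(plain), key);
const openBackup = (sealed, key) => zlib.gunzipSync(decrypt(sealed, key));
// Reversed order for comparison: ciphertext looks random, so gzip cannot shrink it.
const encryptThenCompress = (plain, key) => zlib.gzipSync(encrypt(plain, key));

// Detached Ed25519 signature (stand-in) over the sealed bytes, kept as a separate file.
const signDetached = (sealed, privateKey) => crypto.sign(null, sealed, privateKey);
const verifyDetached = (sealed, sig, publicKey) => crypto.verify(null, sealed, publicKey, sig);

function demo() {
  const key = crypto.randomBytes(32);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sealed = sealBackup(sampleExport, key);
  const sig = signDetached(sealed, privateKey);
  const tampered = Buffer.from(sealed);
  tampered[tampered.length - 1] ^= 1; // flip one bit of the ciphertext
  return {
    plainSize: sampleExport.length,
    sealedSize: sealed.length,
    reversedSize: encryptThenCompress(sampleExport, key).length,
    roundTrip: openBackup(sealed, key).equals(sampleExport),
    sigOk: verifyDetached(sealed, sig, publicKey),
    tamperedSigOk: verifyDetached(tampered, sig, publicKey),
  };
}

console.log(demo());
```

Verifying the detached signature before decrypting lets a restore reject a modified backup file without touching the key material.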