overheadhunter
commented
5 years ago On OS X, this is blocked by JDK-8030048 which doesn't seem like it's going to be resolved soon.
We might need a different way of storing xattr.
Open overheadhunter opened 5 years ago
overheadhunter
commented
5 years ago On OS X, this is blocked by JDK-8030048 which doesn't seem like it's going to be resolved soon.
We might need a different way of storing xattr.
overheadhunter
commented
3 years ago We can now start implementing this using JDK 17 early access builds. :tada:
If the underlying file system supports it, we should allow retrieval of a
UserDefinedFileAttributeView.Maximum xattr name length on macOS is 127 chars (255 on Linux, unknown on Windows). Subtracting the prefix, we have 118 usable chars to store a base64-encoded value or in other words: 87 bytes. If we subtract a 16 byte IV, we can store up to 71 cleartext bytes.
Therefore we need to decide, if this is sufficient or whether we want a deterministic scheme (SIV) and then hash the name, which slows down listing but essentially allows any length. We need to collect some data to decide this.
One further advantage of using SIV (+hash), is the ability to cache names and thus speed up xattr listings and decryption independent of the dir. This comes with the disadvantage, that xattr names repeat across different dirs, leaking some information.
Content encryption should be the same as for file contents.