Currently eldim uses the TripleSec encryption algorithm for stored files, which was not designed for file encryption. It requires the entire content to be in memory for encryption to happen, and it is suspected of having crashed eldim once in the past, over the many years the tool has been running.
There is a new file encryption standard, age, which looks very promising and, most importantly, supports asymmetric encryption. With it, eldim servers would only need the public keys, and would no longer hold the decryption keys for the data passing through eldim.
The age tool has a Go library that can encrypt to one or more public keys. The key files should be passed as a list of filenames in the configuration file, and eldim must encrypt the content to all of the given keys, so that any one of the corresponding private keys can decrypt the resulting file.
The eldim command line tool should be modified to support both versions (v1 and v2), and eldim should signal the version, ideally by appending a specific extension to all uploaded files, such as .eldim2. The command line tool should be able to decrypt a file based on the input file name, but must also accept an explicit version to decrypt the data as.
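As an added example (not eldim's own code) of the version signalling described above: a helper that produces the stored object name for each format version, and the decision the command line tool would make when decrypting, where an explicit version always overrides the file name and an unknown version is rejected rather than guessed. The type and function names, the `.eldim2` suffix applied only to v2 objects, and the accepted spellings of the explicit version are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Version of the eldim storage format: v1 is the existing TripleSec format,
// v2 the proposed age format.
type Version int

const (
	VersionUnknown Version = iota
	Version1               // TripleSec; stored under the original name
	Version2               // age; stored with the v2Suffix appended
)

// v2Suffix is the extension appended to v2 uploads (assumed value).
const v2Suffix = ".eldim2"

// storedName returns the object name eldim would upload for a given format
// version. Only v2 objects are tagged, so v1 objects already stored keep
// their names and remain recognisable as v1 by the absence of the suffix.
func storedName(original string, v Version) (string, error) {
	switch v {
	case Version1:
		return original, nil
	case Version2:
		return original + v2Suffix, nil
	default:
		return "", fmt.Errorf("unsupported eldim format version %d", v)
	}
}

// selectVersion decides how the command line tool should decrypt a file.
// An explicit version flag (assumed: "" when unset, otherwise "1"/"v1" or
// "2"/"v2") always wins, so renamed objects can still be decrypted; otherwise
// the suffix of the input file decides, and a file without the v2 suffix is
// treated as v1, the format that predates the suffix. Anything else is an
// error: the tool should never pick a format by trial and error.
func selectVersion(filename, explicit string) (Version, error) {
	switch explicit {
	case "":
		// no override: fall through to file name based detection below
	case "1", "v1":
		return Version1, nil
	case "2", "v2":
		return Version2, nil
	default:
		return VersionUnknown, fmt.Errorf("unknown version %q (expected 1 or 2)", explicit)
	}
	if strings.HasSuffix(filename, v2Suffix) {
		return Version2, nil
	}
	return Version1, nil
}

// outputName strips the version suffix from a v2 input, so decrypting
// "report.pdf.eldim2" produces "report.pdf" rather than leaking the format
// tag into the decrypted file name. v1 names are returned unchanged.
func outputName(filename string, v Version) string {
	if v == Version2 {
		return strings.TrimSuffix(filename, v2Suffix)
	}
	return filename
}

func main() {
	name, _ := storedName("backup.tar", Version2)
	v, _ := selectVersion(name, "")
	fmt.Printf("stored as %s, detected as v%d, restored as %s\n", name, v, outputName(name, v))
}
```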