dmathieu
commented
6 years ago How about, instead of adding an additional argument, handling both a string and an array of strings in secret?
Closed bigkevmcd closed 6 years ago
dmathieu
commented
6 years ago How about, instead of adding an additional argument, handling both a string and an array of strings in secret?
bigkevmcd
commented
6 years ago @dmathieu I've added support for this, but, in my view it's important to keep a separation between "primary key" and "other keys that can be used to decode".
It's not that important when verifying (tho', clearly, there's a performance concern), but in the surrounding code, you likely don't want to assemble "all the keys" in an array, and then just pass that around.
This allows us to roll encrypted data in a database, by changing to use a primary/secondary key, the primary key used for new encryptions, and the old for decrypting existing data.