jaraco / keyrings.alt

MIT License

Carefully enhance file and file_base modules #15

Closed frispete closed 7 years ago

frispete commented 7 years ago

to support file encryption in an extensible way.

The changes are backwards compatible, hence no harm is done for any existing users.

For the next step, a decision has to be made: move file_base to keyring.backend or not? @jaraco, what do you think?

jaraco commented 7 years ago

> move file_base to keyring.backend or not?

I'm on the fence. Here's my hesitation - I don't want to encourage file-based backends by supporting them in the base library. On the other hand, the options remaining are (b) create a new library just for this base functionality (probably overkill) or (c) require that all file-based backends rely on keyrings.alt (which brings its own baggage). I'm happy to go with any of the three directions. What's your preference as the implementer of the first consuming lib? Let's go with your instinct.

frispete commented 7 years ago

My gut feeling is that keeping them in keyrings.alt is the best option for now. Sure, this package carries some cruft, but as long as it builds, I'm fine with it.

jaraco commented 7 years ago

Sounds good. So is this PR ready? Could you do one more thing and add an entry to the CHANGES.rst file explaining the change?

frispete commented 7 years ago

Done.

frispete commented 7 years ago

With these patchsets, file.py and file_base.py are in sync with my project.

Major change is preparation for handling associated data, which is the result of discussing my approach at http://crypto.stackexchange.com. Since the built-in CFB mode is conceptually outdated, I refrained from adding some kind of associated data band-aid, which might give people the impression of being a secure scheme.

In keyrings.cryptfile, this infrastructure is used correctly. BTW, it gained support for all major AES AEAD modes that PyCryptodome supports: CCM, EAX, GCM and OCB. In combination with Argon2, this has grown into a reasonably secure, tamper-resistant keyring storage.

While at it, raise related test coverage significantly.

I've prepared this changeset by cherry picking the relevant data from my project. Hopefully, all is well.

frispete commented 7 years ago

Hi @jaraco, thank you for merging.

As for your valuable comments, they are much appreciated.

I'm about to leave, will reply to and fix them soon.