[tahoe-dev] usage of key file or smart card?
kpreid at mac.com
Mon Nov 23 22:46:43 UTC 2009

On Nov 23, 2009, at 16:43, Stefan Xenon wrote:

> How can a user configure whether to use per-file encryption or
> convergent encryption?

Convergent encryption is used, by definition, for immutable files --
the cap identifies the particular file content.

Encryption with a generated keypair is used, by definition, for
mutable files -- the read-cap contains the public key, and the
write-cap contains the private key.

As a matter of current usage, note that most "file" files are stored
as immutable files. Currently, directories (which are also files) are
always mutable files (i.e. entries can be added and removed) but there
is current work on adding immutable directories.

> AFAIK the key is included in the cap. With per-file encryption, does
> the user need to note the cap for each file? How does this work for
> a backup scenario where the user also needs to back up the keys
> (separately), which is not possible if the number of keys depends
> on the number of files?

The caps to the backed-up files are stored in the directories. You
only need to keep a cap to the root of your backup directory tree.

Kevin Reid <http://switchb.org/kpreid/>
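
The two points in the reply above (a content-derived key for immutable files, and a single root cap that reaches every file through directories), as an added sketch that is not part of the original message and is not Tahoe-LAFS code. The cap format, the SHA-256 counter-mode keystream, the `secret` parameter and modelling directories as immutable JSON snapshots are all assumptions made for this illustration.

```python
import hashlib, hmac, json

def _xor(data: bytes, key: bytes) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), stdlib only.
    # Illustration only: a real system would use a vetted cipher.
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def put_immutable(store: dict, data: bytes, secret: bytes) -> str:
    # Convergent: the key is derived from the content, so identical
    # content (under the same secret) yields the same key and cap.
    key = hmac.new(secret, data, hashlib.sha256).digest()[:16]
    index = hashlib.sha256(key).hexdigest()  # what the storage side sees
    store[index] = _xor(data, key)           # storage holds ciphertext only
    return key.hex()                         # hypothetical "cap"

def get_immutable(store: dict, cap: str) -> bytes:
    key = bytes.fromhex(cap)
    return _xor(store[hashlib.sha256(key).hexdigest()], key)

def put_dir(store: dict, entries: dict, secret: bytes) -> str:
    # A directory is itself a stored file: name -> [kind, child cap].
    blob = json.dumps(entries, sort_keys=True).encode()
    return put_immutable(store, blob, secret)

def restore(store: dict, cap: str, kind: str = "dir"):
    # Walk the tree from one cap; child caps come out of the directories.
    if kind == "file":
        return get_immutable(store, cap)
    entries = json.loads(get_immutable(store, cap))
    return {name: restore(store, c, k) for name, (k, c) in entries.items()}

def demo():
    # Constructed sample data.
    store, secret = {}, b"constructed-convergence-secret"
    a = put_immutable(store, b"report v1", secret)
    b = put_immutable(store, b"photo bytes", secret)
    sub = put_dir(store, {"photo.jpg": ["file", b]}, secret)
    root = put_dir(store, {"report.txt": ["file", a], "pics": ["dir", sub]}, secret)
    return store, root  # only `root` has to be kept by the user

if __name__ == "__main__":
    store, root = demo()
    print(restore(store, root))
```
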