Skip to content
This repository has been archived by the owner on Dec 4, 2019. It is now read-only.

Add encryption mode support #18

Merged
merged 3 commits into from
Mar 21, 2018
Merged

Add encryption mode support #18

merged 3 commits into from
Mar 21, 2018

Conversation

enj
Copy link
Owner

@enj enj commented Mar 21, 2018

Fixes #12
Enables #1

npmccallum
npmccallum reviewed Mar 21, 2018
View reviewed changes
README.md
@@ -25,13 +25,15 @@ socket activation is assumed.

### Required

* `-command string`: the command to retrieve the key encryption key
* `--command string`: the command to retrieve the key encryption key
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

$ ./kms -help
Usage of ./kms:
  -command string
    	the command to retrieve the key encryption key
  -endpoint string
    	the listen address (ex. unix:///tmp/kms.sock)
  -timeout duration
    	maximum time to cache KEK locally (default 1h0m0s)

Can you clarify the difference between single and double dash in this case?

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is none (both do the same exact thing). I just really prefer -- (and it matches how kubectl, oc, etc print their flags).

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see if there is a simple way to override how the flags print so they have double dash.

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#20 to track

@npmccallum
Copy link
Collaborator

AFAICS, the project won't compile in between the first and second commit. Commits should always compile (and pass tests). I think the first change should do this:

  1. Extract interface.
  2. Put AESCBC code into a module.
  3. Update references so that the code builds.

@enj
Copy link
Owner Author

enj commented Mar 21, 2018

@npmccallum pretty sure you are just asking me to squash the first two commits. I purposefully did not do that because I wanted the git diffs to stay small.

@npmccallum
Copy link
Collaborator

Except that the cost of doing that is having a bisect that can't work. That's a very high price for a file rename commit (which is not necessary in git).

enj added 3 commits March 21, 2018 13:57
@enj
Split out AES encryption package
2806b19 
Signed-off-by: Monis Khan <[email protected]>
@enj
Add encryption mode support
d8406dd 
This change adds the ability to have different encryption modes.
Currently only AES-CBC is supported, but this will make it simple to
add new modes such as secretbox.  The mode is configurable via a new
homonymous command line flag.  The mode specification is stored as a
prefix with the encrypted data.  It is validated during decryption.

The format is:

:ck:<mode_name>:<mode_version>:

Thus for AES-CBC the value is:

:ck:aescbc:v1:

The mode version is reserved in case we need to make any backwards
incompatible changes to how the encrypted data is stored.

Signed-off-by: Monis Khan <[email protected]>
@enj
Update docs to include mode flag
3b67796 
Signed-off-by: Monis Khan <[email protected]>
@enj enj force-pushed the enj/i/crypto_mode/12 branch from b6e4e9e to 3b67796 Compare March 21, 2018 17:58
npmccallum
npmccallum reviewed Mar 21, 2018
View reviewed changes
Copy link
Collaborator

@npmccallum npmccallum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure that if you do a git mv and then do your edits the diff will be much smaller.

@npmccallum npmccallum merged commit 280c2dd into master Mar 21, 2018
@enj enj deleted the enj/i/crypto_mode/12 branch March 21, 2018 18:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@npmccallum npmccallum npmccallum approved these changes

@benjaminapetersen benjaminapetersen Awaiting requested review from benjaminapetersen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@enj @npmccallum