On Fri, May 4, 2018 at 1:34 PM, Benjamin Pollack <[email protected]> wrote: > Hey all, > > I was taking a fresh look at Perkeep after the 0.10 release, and was curious > about the current state of encryption. As far as I can tell, it's still > considered in-development/unstable, but I also saw that it'd been heavily > updated for the 0.10 release. Is our data safe if we use encrypted blobs, or > should we still avoid that for production to avoid data loss? If we should > avoid it, what are people doing in practice to secure their blob storage? I > don't really care about the local copy running on my NAS, since that's > firewalled and has encrypted drives that I control, but, IIUC, I'd really > need to reach for something else right now if I wanted secure mirrors on > Google/Azure/B2. Are people figuring this doesn't really matter for now, or > am I misunderstanding where GPG fits into things, or maybe people are > running Perkeep localish and then going with an encrypted backup solution > like Duplicity/restic/whatever, or what?
Yeah, the encryption storage target's format was improved a ton for 0.10, thanks to Filippo Valsorda. As it now has had a decent security review and now uses a standard format (nacl/secretbox), you should be able to feel pretty confident in it. We don't plan to change it now. Just don't lose your encryption key. And the GPG key used for signing claims is currently unrelated to the encryption key we use for the nacl/secretbox storage. We might make the default encryption key if left unspecified be your GPG identity in the future. I just filed https://github.com/perkeep/perkeep/issues/1149 for that. -- You received this message because you are subscribed to the Google Groups "Perkeep" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
