Okay, perfect! Thanks for letting me know. I'll probably hold off worrying about this until the TOML config lands, because I remember it being really tricky to get right the last time I played with it, but this sounds great.
On Fri, May 4, 2018 at 5:01 PM Brad Fitzpatrick <[email protected]> wrote: > On Fri, May 4, 2018 at 1:34 PM, Benjamin Pollack > <[email protected]> wrote: > > Hey all, > > > > I was taking a fresh look at Perkeep after the 0.10 release, and was > curious > > about the current state of encryption. As far as I can tell, it's still > > considered in-development/unstable, but I also saw that it'd been heavily > > updated for the 0.10 release. Is our data safe if we use encrypted > blobs, or > > should we still avoid that for production to avoid data loss? If we > should > > avoid it, what are people doing in practice to secure their blob > storage? I > > don't really care about the local copy running on my NAS, since that's > > firewalled and has encrypted drives that I control, but, IIUC, I'd really > > need to reach for something else right now if I wanted secure mirrors on > > Google/Azure/B2. Are people figuring this doesn't really matter for now, > or > > am I misunderstanding where GPG fits into things, or maybe people are > > running Perkeep localish and then going with an encrypted backup solution > > like Duplicity/restic/whatever, or what? > > Yeah, the encryption storage target's format was improved a ton for > 0.10, thanks to Filippo Valsorda. > > As it now has had a decent security review and now uses a standard > format (nacl/secretbox), you should be able to feel pretty confident > in it. We don't plan to change it now. > > Just don't lose your encryption key. > > And the GPG key used for signing claims is currently unrelated to the > encryption key we use for the nacl/secretbox storage. We might make > the default encryption key if left unspecified be your GPG identity in > the future. I just filed > https://github.com/perkeep/perkeep/issues/1149 for that. > > -- > You received this message because you are subscribed to the Google Groups > "Perkeep" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Perkeep" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
