Re: Partial transfer of rsyncrypto encrypted files

Fri, 31 Jul 2009 04:07:03 -0700 

Jan Alphenaar wrote:


Shachar,


 

Ok, mystery solved. After the file is encrypted for the first time, my 
script deletes the key file. When the file is encrypted a second time, 
rsyncrypto creates a new key file, and also generates a completely new 
encrypted output file (that is why rsync is fully transferring the 
file again).



 

If the key file is not deleted, rsyncrypto delivers the same output 
file, so rsync can use the rsync algorithm.



 

This leaves me here with one question. Is it possible to have the same 
encrypted file without keeping the key file on my pc ?



 


Thanks for the replies.


 


Regards,


 


Jan


 


Rsyncrypto, while doing lots of stuff differently, is still modeled 
after the classic encryption method. This means that there is one 
asymmetric key to unlock all the files, but each file is encrypted with 
its own symmetric (or "session") key. This is done for security 
considerations, and cannot be turned off without some serious rethinking 
of the security of the process.



If you delete the session key, the only place it is kept is, encrypted, 
inside the encrypted file. In fact, it is this re-encryption of the 
session key that is the header that changes between encryptions. If you 
just run rsyncrypto again, a new session key will be generated, and, 
obviously, the file will look completely different.



All is not lost. If you have the RSA private key and the old encrypted 
file, you can use rsyncrypto to recover the previous session key. Simply 
perform a decryption, and the session key will be generated. Then use 
that same session key to encrypt again.



Of course, with the session key being 68 bytes and your encrypted file 
being 1GB, the simplest thing to do is just keep the session key around 
and not erase it.


Shachar


--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Rsyncrypto-devel mailing list
Rsyncrypto-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel






















					Reply via email to