On 04/13/2014 01:46 PM, Adrin wrote:
> Hi,
>
> I'm not sure if I understand it correctly, but is it true that you are
> storing the AES key along with the data?
Yes.

> Then what's the point of encrypting the data in the first place?

The AES key itself is encrypted with a second AES key that is not
stored anywhere (unless you put it in ~/.s3ql/authinfo).

The reason for having two separate keys is that it allows you to change
your passphrase. If you encrypted all the data with the passphrase
directly, then in order to change the passphrase you'd have to download,
decrypt, encrypt, and re-upload your entire file system.

In contrast, if you have two keys (the "master" key that encrypts the
data, and the "passphrase" that is used to decrypt the master key) all
you need to do to change the passphrase is download, decrypt, re-encrypt
and re-upload the master key.

Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
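
The two-key scheme described in the reply above, as an added example (not S3QL's code and not part of the original message). Assumptions: PBKDF2 turns the passphrase into the wrapping key, a SHA-256/HMAC construction stands in for AES so the sketch runs on the Python standard library alone, and all function names are hypothetical.

```python
import hashlib, hmac, os

def _subkeys(key):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode: a stdlib stand-in for AES, for illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, "sha256").digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(enc, nonce, ct)

def passphrase_key(passphrase, salt):
    # Assumption: PBKDF2 turns the passphrase into the key-wrapping key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def create_store(passphrase):
    salt, master = os.urandom(16), os.urandom(32)
    return {"salt": salt, "objects": {},
            "wrapped_master": seal(passphrase_key(passphrase, salt), master)}

def unlock(store, passphrase):
    """Return the master key, or raise ValueError on a wrong passphrase."""
    return unseal(passphrase_key(passphrase, store["salt"]), store["wrapped_master"])

def put(store, master, name, data):
    store["objects"][name] = seal(master, data)

def change_passphrase(store, old, new):
    # Only the small wrapped master key is rewritten; data objects are untouched.
    master = unlock(store, old)
    store["salt"] = os.urandom(16)
    store["wrapped_master"] = seal(passphrase_key(new, store["salt"]), master)
```

After `change_passphrase`, every entry in `store["objects"]` is byte-for-byte what it was before, and `unlock` with the old passphrase raises `ValueError`.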