Fail Decryption if encryption key is nil #39
Comments
Was just reading over this idea and found myself confused. When you say "but it results in nil," does "it" refer to the decryption key itself or the result of trying to decrypt the file? Or something else entirely? I feel like I might be able to give some input on this if I knew the answer to that question...
I think I meant that decryption_key is blank or perhaps just wrong.
Meaning that s3_file should try to validate the decryption key somehow (possibly a good idea--just making sure we're talking about the same thing)?
Yes or have a method that verifies that the file just decrypted matches the
If in your s3_file recipe you include decryption_key but it results in nil, have s3_file fail.
There are a number of ways to fix this. The easiest that I can think of is to have the decryption_key value be -1 instead of nil. That way, if it is -1, s3_file just downloads the file. If it is nil, then someone forgot to set the key.
Another way is to have the tools record a salt in the header of the file and then the same salt in the header of the encrypted file. Once decryption takes place, if the header salts do not match, throw an error.
Another failure mode would be to have it checksum the decrypted file if the checksum is provided.
Comments, thoughts, ideas?
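A sketch of two of the ideas in this issue, the "not set" sentinel versus a nil key and the post-decryption checksum, as an added example that is not code from the thread or from the s3_file cookbook. All method, constant and error names are hypothetical, a sentinel object stands in for the proposed -1, and AES-256-CBC is an assumption since the thread does not name the cipher.

```ruby
require 'openssl'
require 'digest'

# Hypothetical names throughout; none of this is the s3_file cookbook's API.
NOT_SET = Object.new.freeze # sentinel: decryption_key omitted from the resource

class DecryptError < StandardError; end
class MissingKeyError < DecryptError; end
class BadDecryptError < DecryptError; end
class ChecksumMismatchError < DecryptError; end

# Returns the bytes to write to disk, or raises a DecryptError subclass.
def resolve_payload(body, key: NOT_SET, iv: nil, sha256: nil)
  if key.equal?(NOT_SET)
    plain = body # no key requested: plain download
  elsif key.nil? || key.to_s.empty?
    # The key was requested but evaluated to nothing: fail instead of
    # silently writing ciphertext (or nothing) to disk.
    raise MissingKeyError, 'decryption_key was given but is nil or blank'
  else
    plain = decrypt_body(body, key, iv)
  end
  # CBC padding rejects most wrong keys but not all; the checksum catches
  # the remainder when the caller supplies one.
  if sha256 && Digest::SHA256.hexdigest(plain) != sha256.downcase
    raise ChecksumMismatchError, 'decrypted content does not match checksum'
  end
  plain
end

# AES-256-CBC is an assumption; the thread does not name the cipher.
def decrypt_body(body, key, iv)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(body) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError, TypeError => e
  raise BadDecryptError, "decryption failed: #{e.message}"
end

# Builds constructed sample ciphertext so the example runs offline.
def encrypt_sample(plain, key, iv)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(plain) + cipher.final
end
```
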