MLA icon indicating copy to clipboard operation
MLA copied to clipboard
verified publisher icon ANSSI-FR

[Format v2] Upgrade mechanism

Open commial opened this issue 1 year ago • 0 comments

Add the possibility to upgrade from a format v1 to a format v2 in mlar.

This could be part of the convert command line or a dedicated upgrade_v1_to_v2 sub-action. In the current draft of the format v2, the upgrade consists of:

  • all layers except encrypt are left unchanged
  • in MLA header, the version tag is set to 2
  • in the encrypt layer, the AES-GCM key commitment (#206) is added and a public PQC key (#195) is also provided.

A possibility is to only update the first bytes of the layer, without re-encrypting the whole archive. But this solution:

  • does not renew the key, which might not be expected
  • could be problematic if some PQC key for recipients are missing

The preferred method for now would be like convert, ie. re-encrypting the whole archive with new keys materials.

commial avatar Jul 22 '24 12:07 commial