s3_file icon indicating copy to clipboard operation
s3_file copied to clipboard

Published 20 hours ago verified publisher icon adamsb6

Fail Decryption if encryption key is nil

Open joekiller opened this issue 10 years ago • 4 comments

If in your s3_file recipe you include decryption_key but it results in nil have s3_file fail.

There are a number of ways to fix this. The easiest that I can think of is to have the decryption_key value be -1 instead of nil. That way if it is -1 s3_file just downloads the file. If it is nil then someone forgot to set the key.

Another way is to have the tools record a salt in the header of the file and then the same salt in the header of the encrypted file. Once decryption takes place, if the header salts do not match throw an error.

Another failure mode would be to have it checksum the decrypted file if the checksum is provided.

Comments, thoughts, ideas?

joekiller avatar Dec 12 '14 18:12 joekiller

Was just reading over this idea and found myself confused. When you say "but it results in nil," does "it" refer to the decryption key itself or the result of trying to decrypt the file? Or something else entirely? I feel like I might be able to give some input on this if I knew the answer to that question...

eherot avatar Jan 20 '15 23:01 eherot

I think i meant that decryption_key is blank or perhaps just wrong. On Jan 20, 2015 6:39 PM, "Eric Herot" [email protected] wrote:

Was just reading over this idea and found myself confused. When you say "but it results in nil," does "it" refer to the decryption key itself or the result of trying to decrypt the file? Or something else entirely? I feel like I might be able to give some input on this if I knew the answer to that question...

— Reply to this email directly or view it on GitHub https://github.com/adamsb6/s3_file/issues/39#issuecomment-70757486.

joekiller avatar Jan 21 '15 00:01 joekiller

Meaning that s3_file should try to validate the decryption key somehow (possibly a good idea--just making sure we're talking about the same thing)?

eherot avatar Jan 21 '15 00:01 eherot

Yes or have a method that verifies that the file just decrypted matches the correct checksum. But the idea circles around to is my decrypt stuff working correctly. Currently if you provide the wrong key you just get a garbled file. On Jan 20, 2015 7:03 PM, "Eric Herot" [email protected] wrote:

Meaning that s3_file should try to validate the decryption key somehow (possibly a good idea--just making sure we're talking about the same thing)?

— Reply to this email directly or view it on GitHub https://github.com/adamsb6/s3_file/issues/39#issuecomment-70760270.

joekiller avatar Jan 21 '15 00:01 joekiller