
Wishlist / reminders for a new protocol format

Open • felixfontein opened this issue 1 year ago • 1 comment

This issue is to keep track of things that should be changed / improved when we want to update SOPS's encrypted file format.

  • MAC:

    • Do not ignore null values: https://github.com/getsops/sops/issues/828
    • Include keys in MAC computation to avoid the problem described in https://github.com/getsops/sops/issues/52#issuecomment-2566569931
  • Encrypted data:

    • Add padding to not fully reveal the length of the clear text data (https://github.com/getsops/sops/issues/815)
    • Eventually even encrypt null: https://github.com/getsops/sops/issues/828#issuecomment-796132557
    • Use protobuf instead of own format: https://github.com/getsops/sops/issues/815#issuecomment-785158790

felixfontein, Jan 01 '25 21:01
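A simplified model of the two MAC items in the list above, added here as an example; it is not SOPS's code or its actual MAC algorithm. It assumes an HMAC-SHA-256 over a flattened document, and the `Leaf` type, `Digest`, `Same` and the sample data are all constructed for illustration. It shows that a MAC over non-null values alone accepts a renamed key and a removed null entry, while one that binds key paths and marks nulls rejects both.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Leaf is one flattened document entry; a nil Value models a null.
type Leaf struct {
	Path  []string
	Value *string
}

// Digest MACs doc. bind=false covers only non-null values (what the two MAC
// items want changed); bind=true also covers key paths and a null marker.
// Fields are written netstring-style ("len:bytes,") so they cannot run together.
func Digest(key []byte, doc []Leaf, bind bool) []byte {
	m := hmac.New(sha256.New, key)
	for _, l := range doc {
		if bind {
			fmt.Fprintf(m, "%d;", len(l.Path)) // path depth
			for _, seg := range l.Path {
				fmt.Fprintf(m, "%d:%s,", len(seg), seg)
			}
			if l.Value == nil {
				fmt.Fprint(m, "null;") // explicit marker instead of skipping
			}
		}
		if l.Value != nil {
			fmt.Fprintf(m, "%d:%s,", len(*l.Value), *l.Value)
		}
	}
	return m.Sum(nil)
}

// Same reports whether two documents get the same MAC (constant-time compare).
func Same(key []byte, a, b []Leaf, bind bool) bool {
	return hmac.Equal(Digest(key, a, bind), Digest(key, b, bind))
}

func main() {
	admin, key := "admin", []byte("constructed demo key")
	orig := []Leaf{{[]string{"db", "user"}, &admin}, {[]string{"db", "token"}, nil}}
	renamed := []Leaf{{[]string{"db", "owner"}, &admin}, orig[1]} // key renamed
	dropped := orig[:1]                                           // null entry removed
	fmt.Println("values only:", Same(key, orig, renamed, false), Same(key, orig, dropped, false))
	fmt.Println("paths+nulls:", Same(key, orig, renamed, true), Same(key, orig, dropped, true))
}
```
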

Round-trip safe presentation of data, like getting back 1.10, 0x1_5, etc. after decryption when that was the input value. There's always the question of how far this can and should go, like preserving other YAML properties (tags, flow style, whether strings use quoting, what kind of quoting, multiline string representation, etc.).

Ref: https://github.com/getsops/sops/issues/1616#issuecomment-2661431076

felixfontein, Feb 16 '25 13:02