Add experimental crypto backend #645
Conversation
|
Interesting. |
dominikschulz
force-pushed
the
exp/xc
branch
3 times, most recently
from
9d9842f
to
d80bbcb
Compare
Codecov Report
@@ Coverage Diff @@
## master #645 +/- ##
=========================================
+ Coverage 58.83% 64.5% +5.67%
=========================================
Files 126 142 +16
Lines 7231 7950 +719
=========================================
+ Hits 4254 5128 +874
+ Misses 2384 2202 -182
- Partials 593 620 +27
Continue to review full report at Codecov.
|
dominikschulz
force-pushed
the
exp/xc
branch
4 times, most recently
from
832668e
to
b2c3963
Compare
dominikschulz
changed the title
|
Wow, that's a large one, don't know if I've got time to review it in full. Crypto primitives choice and design looks solid to me at first sight. Use of gob is a sane choice, but slightly disadvantegeous IMHO when interacting with other languages. Also I understand the secret format is now binary? That might make it a little harder interacting with a tool made for text files like git. |
|
Thank you for the input so far. I'll definitely have another look at the on disk format. The current approach is neither very interoperable nor does it properly solve the backward/forward compatibility. |
|
I've changed to on-disk format to use protobuf (version 3). This makes the seralization a lot cleaner, but still the whole branch needs a lot of testing. |
dominikschulz
force-pushed
the
exp/xc
branch
3 times, most recently
from
59198e3
to
1ad9171
Compare
dominikschulz
force-pushed
the
exp/xc
branch
3 times, most recently
from
31ff239
to
73e41f1
Compare
|
The code should be mostly fine now, but I still need to do some testing wrt. the new backend as well as the refactored old backends. |
dominikschulz
force-pushed
the
exp/xc
branch
2 times, most recently
from
1e9306f
to
3be4963
Compare
|
This PR should be OK to merge. There may be some issues due to the huge refactorings, but we'll fix them when we encounter them. At least the stuff that's unit and integration tested (and that's quite a lot by now) seems to work well. |
dominikschulz
force-pushed
the
exp/xc
branch
2 times, most recently
from
8b394cb
to
4e5b60c
Compare
dominikschulz
force-pushed
the
exp/xc
branch
4 times, most recently
from
4f8b57c
to
7d68a79
Compare
This commit adds an experimental crypto backend. It comes with it's own keyring as well as an agent. The crypto is based on NaCl and Argon2. The on-disk format uses protobuf version 3. Fixes gopasspw#154
dominikschulz
force-pushed
the
exp/xc
branch
from
7d68a79
to
c95d9dd
Compare
This commit adds an experimental crypto backend. It comes with it's own keyring as well as an agent. The crypto is based on NaCl and Argon2. The on-disk format uses protobuf version 3. Fixes gopasspw#154
Experimental Crypto Backend for gopass
This PR contains an experimental crypto backend for gopass.
The goal is to provide an implementation that is feature complete
compared to the GPG backend but doesn't require any external binaries,
especially no GPG. Of course this would break compatilibity to existing
GPG deployments and users of different pass implementations, but
especially for closed teams with no existing GPG deployment this should
make little different.
Motivation
While GPG is believed to be very secure and it supports a wide range of
applications and devices, it's not really user friendly. Even passioned
crypto experts don't enjoy working with GPG and for
newcomers it's a major hurdle. For the gopass developers it's about the
most time consuming task to provide support and implement workaround for
GPG issues. This doesn't mean that GPG is bad, but security is hard and
complex and GPG adds a lot of flexiblity on top of that so the result
is complex and complicated.
Status
Working, needs more testing.
Design