Initial Cryptographic Support to have (some parts of) models en/de/crypted #284
Comments
vorburger
changed the title
|
No, the basics of this should of course work completely without any client/server; just locally. At its core, this is just an URI scheme, with a ResourceProvider? Like the (TBD)
Are there existing standards for this? Decrypt is via a key in TPM; may shell out to exec Model https://enola.dev/secret is:
CLI is via (TBD) Enola Actions, on Things; e.g. generate key, list keys, encrypt URL, decrypt secret. Password 🔑 Manager is then trivial and an obvious 1st application: just e.g. a class Website Thing, with a password property. The #607 format should directly support this. models/people/ can then contain e.g. phone numbers... 🔒 |
|
Actually, The "decrypted Form" of such secrets should use |
It could be fun to make it add initial basic crypto support to this project.
The way I imagine it working is that you would "tag" (with Proto extensions, perhaps?) some parts of models marked
secret. It would be nice to keep this nicely "modular" and avoid having to "bake this into the core" of Enola.The
secretparts of any model would then be encrypted on the client (CLI, for now, Web, later) and stored "encrypted at rest" on the server (e.g. in the File System Repository), and could later be decrypted again on the client.There are a bunch of pre-requisites for this, at least including:
enola putis missing, and it seems less fun without thatenola --serveris missing, as the "flip side" of the (existing)enola server[This was done in feat (cli): Introduce --server (still un-tested & un-documented) #300 and fix (cli): Download Descriptor Protos from Server (and --server etc. docz) #312.]The text was updated successfully, but these errors were encountered: