Sun, 06 Aug 2017 18:18:00 +0200
adds some small fixes for 1.0 release
266 | 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
2 | <html xmlns="http://www.w3.org/1999/xhtml"> | |
3 | <head> | |
4 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
5 | <meta http-equiv="Content-Style-Type" content="text/css" /> | |
6 | <meta name="generator" content="pandoc" /> | |
283
0e36bb75a732
adds dav-sync introduction and sync.xml documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
281
diff
changeset
|
7 | <title>Encryption</title> |
266 | 8 | <style type="text/css">code{white-space: pre;}</style> |
9 | <link rel="stylesheet" href="davdoc.css" type="text/css" /> | |
10 | </head> | |
11 | <body> | |
12 | <div class="header"> | |
285
02d3e4b1245f
adds some small fixes for 1.0 release
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
283
diff
changeset
|
13 | <a href="./index.html"><span>DavUtils documentation</span></a> |
266 | 14 | </div> |
15 | <div class="sidebar"> | |
16 | <div class="nav"> | |
17 | <h3>dav</h3> | |
18 | <ul> | |
19 | <li><a href="getting-started.html">Getting started</a></li> | |
20 | <li><a href="commands.html">Commands</a></li> | |
21 | <ul> | |
22 | <li><a href="list.html">list</a></li> | |
23 | <li><a href="get.html">get</a></li> | |
24 | <li><a href="put.html">put</a></li> | |
25 | <li><a href="mkdir.html">mkdir</a></li> | |
26 | <li><a href="remove.html">remove</a></li> | |
27 | <li><a href="copy.html">copy</a></li> | |
28 | <li><a href="move.html">move</a></li> | |
29 | <li><a href="get-property.html">get-property</a></li> | |
30 | <li><a href="set-property.html">set-property</a></li> | |
31 | <li><a href="lock.html">lock</a></li> | |
32 | <li><a href="unlock.html">unlock</a></li> | |
33 | <li><a href="info.html">info</a></li> | |
34 | <li><a href="date.html">date</a></li> | |
35 | <li><a href="add-repository.html">add-repository</a></li> | |
36 | <li><a href="list-repositories.html">list-repositories</a></li> | |
37 | <li><a href="check-config.html">check-config</a></li> | |
38 | </ul> | |
39 | <li><a href="configuration.html">Configuration</a></li> | |
40 | <li><a href="encryption.html">Encryption</a></li> | |
41 | </ul> | |
42 | </div> | |
43 | <div class="nav"> | |
44 | <h3>dav-sync</h3> | |
45 | <ul> | |
273
c743721d566f
more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
266
diff
changeset
|
46 | <li><a href="introduction.html">Introduction</a></li> |
47 | <li><a href="sync-commands.html">Commands</a></li> |
48 | <ul> |
49 | <li><a href="pull.html">pull</a></li> |
50 | <li><a href="push.html">push</a></li> |
51 | <li><a href="resolve-conflicts.html">resolve-conflicts</a></li> |
52 | <li><a href="delete-conflicts.html">delete-conflicts</a></li> |
53 | <li><a href="trash-info.html">trash-info</a></li> |
54 | <li><a href="empty-trash.html">empty-trash</a></li> |
55 | <li><a href="add-directory.html">add-directory</a></li> |
56 | <li><a href="list-directories.html">list-directories</a></li> |
57 | <li><a href="sync-check-config.html">check-config</a></li> |
58 | <li><a href="check-repositories.html">check-repositories</a></li> |
59 | </ul> |
60 | <li><a href="sync-configuration.html">Configuration</a></li> |
266 | 61 | </ul> |
62 | </div> | |
63 | </div> | |
64 | ||
65 | <!-- begin content --> | |
66 | <div class="content"> | |
67 | <div id="header"> |
68 | <h1 class="title">Encryption</h1> |
69 | </div> |
70 | <p>The davutils programs have an integrated client-side encryption feature that allows you to encrypt and decrypt on the fly with AES256 or AES128. To use this feature, the server <strong>must</strong> support WebDAV dead properties.</p> |
281
ddb5e8f2a43d
some more minor doc improvements
Mike Becker <universe@uap-core.de>
parents:
275
diff
changeset
|
71 | <p>The tools support both encryption of the resource content and encryption of the resource name. Each resource is encrypted separately. With name encryption activated, the actual resource name is disguised by a random name, while the name used by the client is stored encrypted as a WebDAV property. This means an attacker can see the directory structure and the file length, but cannot guess the file names or, in particular, tell which files have the same name.</p> |
275
fa48ab29abd2
adds more details to add-directory.md
Mike Becker <universe@uap-core.de>
parents:
273
diff
changeset
|
72 | <p>To enable encryption, a key must be configured in <code>$HOME/.dav/config.xml</code>. A key must have a unique name. To access encrypted resources, all clients must configure the same key with the same name. Currently, a key can only be loaded from a file; it cannot be generated from a password.</p> |
73 | <p>A configuration for a key looks like:</p> |
74 | <pre><code><key> |
75 | <name>mykey1</name> |
76 | <file>keys/mykey1</file> |
77 | </key> </code></pre> |
78 | <p>The file path must be relative to <code>$HOME/.dav/</code>. In this example, the file <code>$HOME/.dav/keys/mykey1</code> is loaded.</p> |
79 | <p>To generate a key, use <strong><code>dd</code></strong> on Unix-like systems. The following command generates a 256-bit (32-byte) key for AES256 encryption.</p> |
80 | <pre><code>dd if=/dev/random of=mykey1 bs=32 count=1</code></pre> |
81 | <p>After a key is configured, you can enable encryption/decryption in two ways. You can use the dav option <strong><code>-c</code></strong> to enable encryption and specify your key with the <strong><code>-k</code></strong> option. The alternative is to enable encryption by default for a repository in the config.xml file. You may also choose to specify only the default key and use <strong><code>-c</code></strong> wherever you want to use encryption.</p> |
82 | <pre><code><repository> |
83 | <name>myrepo</name> |
84 | <url>http://example.com/webdav/</url> |
85 | |
86 | <default-key>mykey1</default-key> |
87 | <full-encryption>true</full-encryption> |
88 | </repository></code></pre> |
89 | <p>See <a href="./configuration.html">Configuration</a> for details.</p> |
90 | <h2 id="internals">Internals</h2> |
91 | <p>When a resource is encrypted, some crypto properties (namespace: http://davutils.org/) are set for the resource.</p> |
92 | <ul> |
93 | <li>crypto-key: Contains the name of the key used for encryption. The presence of this property indicates that the resource is encrypted.</li> |
94 | <li>crypto-hash: A hash of the cleartext, encrypted and base64 encoded.</li> |
95 | <li>crypto-name: The name of the resource, encrypted and base64 encoded. This property is not used if name encryption is disabled.</li> |
96 | </ul> |
266 | 97 | </div> |
98 | <!-- end content --> | |
99 | </body> | |
100 | </html> |
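
Added example (not part of the davutils documentation or code): a Python check for the key file set up in the key configuration steps above. `dd` with `count=1` writes only what its single read returned, so the check confirms the exact length (32 bytes for AES256, 16 for AES128). The owner-only permission test and the helper names are assumptions of this example, and `write_key` uses `os.urandom` in place of `dd`.

```python
import os
import stat
import tempfile

KEY_SIZES = {16: "AES128", 32: "AES256"}  # raw key length in bytes


def write_key(dav_dir, rel_path, nbytes=32):
    """Create a new random key file, owner-only, refusing to overwrite."""
    full = os.path.join(dav_dir, rel_path)
    os.makedirs(os.path.dirname(full), mode=0o700, exist_ok=True)
    # O_EXCL: never replace a key that existing encrypted resources depend on.
    fd = os.open(full, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(nbytes))
    return full


def check_key_file(dav_dir, rel_path):
    """Return a list of problems with the key file named in a <file> element."""
    if os.path.isabs(rel_path):
        return ["path must be relative to the .dav directory"]
    full = os.path.join(dav_dir, rel_path)
    try:
        st = os.stat(full)
    except FileNotFoundError:
        return ["key file does not exist"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_size not in KEY_SIZES:
        problems.append("unexpected key length: %d bytes" % st.st_size)
    if st.st_mode & 0o077:  # hardening assumption, not a davutils rule
        problems.append("accessible by group or others")
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dav:  # stands in for $HOME/.dav
        write_key(dav, "keys/mykey1")
        print(check_key_file(dav, "keys/mykey1"))
```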
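
Added example (not davutils code): using the crypto properties listed under Internals, this Python function reads a WebDAV PROPFIND multistatus body and reports which resources carry `crypto-key` and `crypto-name`, for instance to find files that were uploaded without encryption. Only properties in a 2xx `propstat` count, since a server returns requested but unset properties in a 404 block. The sample response and all names other than the namespace and property names are constructed.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
DU = "{http://davutils.org/}"  # crypto property namespace given on the page


def crypto_props(response):
    """Crypto properties of one <response>, taken from 2xx propstat blocks only."""
    props = {}
    for ps in response.findall(DAV + "propstat"):
        status = ps.findtext(DAV + "status", "").split()
        if len(status) < 2 or not status[1].startswith("2"):
            continue  # e.g. 404: property was requested but is not set
        for el in ps.iterfind(DAV + "prop/*"):
            if el.tag.startswith(DU):
                props[el.tag[len(DU):]] = (el.text or "").strip()
    return props


def classify(props, expected_key):
    if "crypto-key" not in props:
        return "plaintext"
    if props["crypto-key"] != expected_key:
        return "unexpected key: " + props["crypto-key"]
    return "name+content" if "crypto-name" in props else "content only"


def audit(multistatus_xml, expected_key):
    """Map each href in a PROPFIND multistatus body to its encryption state."""
    root = ET.fromstring(multistatus_xml)
    return {r.findtext(DAV + "href"): classify(crypto_props(r), expected_key)
            for r in root.iterfind(DAV + "response")}


def sample_response(href, set_props, unset=()):
    """Build one constructed <D:response>; unset properties go in a 404 propstat."""
    def block(inner, status):
        return ("<D:propstat><D:prop>%s</D:prop><D:status>HTTP/1.1 %s</D:status>"
                "</D:propstat>" % (inner, status))
    ok = "".join("<U:crypto-%s>%s</U:crypto-%s>" % (k, v, k) for k, v in set_props.items())
    gone = "".join("<U:crypto-%s/>" % k for k in unset)
    return "<D:response><D:href>%s</D:href>%s%s</D:response>" % (
        href, block(ok, "200 OK"), block(gone, "404 Not Found"))


# Constructed sample data; the property values are placeholders, not real ciphertext.
SAMPLE = ('<D:multistatus xmlns:D="DAV:" xmlns:U="http://davutils.org/">'
          + sample_response("/webdav/k3Jx9QpL", {"key": "mykey1", "hash": "QUJD", "name": "REVG"})
          + sample_response("/webdav/report.pdf", {"key": "mykey1", "hash": "QUJD"}, ["name"])
          + sample_response("/webdav/notes.txt", {}, ["key", "hash", "name"])
          + "</D:multistatus>")
```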