docs/html/encryption.html

Sat, 28 Mar 2020 16:04:46 +0100

author: Mike Becker <universe@uap-core.de>
date: Sat, 28 Mar 2020 16:04:46 +0100
branch: feature/dav-edit
changeset 711: 8d40b5ccc43e
parent 704: 8b88efcbf56f
permissions: -rw-r--r--

adds check for encryption key (otherwise segfault when trying to create a fresh encrypted file without a key)

704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<head>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<meta charset="utf-8" />
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<meta name="generator" content="pandoc" />
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
283
0e36bb75a732 adds dav-sync introduction and sync.xml documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 281
diff changeset
<title>Encryption</title>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<style type="text/css">
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
</style>
<link rel="stylesheet" href="davdoc.css" />
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
</head>
<body>
<div class="header">
285
02d3e4b1245f adds some small fixes for 1.0 release
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 283
diff changeset
<a href="./index.html"><span>DavUtils documentation</span></a>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
</div>
<div class="sidebar">
<div class="nav">
<h3>dav</h3>
<ul>
<li><a href="getting-started.html">Getting started</a></li>
<li><a href="commands.html">Commands</a></li>
<ul>
<li><a href="list.html">list</a></li>
<li><a href="get.html">get</a></li>
<li><a href="put.html">put</a></li>
<li><a href="mkdir.html">mkdir</a></li>
<li><a href="remove.html">remove</a></li>
<li><a href="copy.html">copy</a></li>
<li><a href="move.html">move</a></li>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<li><a href="rename.html">rename</a></li>
429
1607450065ba this could be the 1.2 release
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 320
diff changeset
<li><a href="export.html">export</a></li>
<li><a href="import.html">import</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<li><a href="get-property.html">get-property</a></li>
<li><a href="set-property.html">set-property</a></li>
320
12ed560c926c adds documentation for new features
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 285
diff changeset
<li><a href="remove-property.html">remove-property</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<li><a href="lock.html">lock</a></li>
<li><a href="unlock.html">unlock</a></li>
<li><a href="info.html">info</a></li>
<li><a href="date.html">date</a></li>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<li><a href="versioncontrol.html">versioncontrol</a></li>
<li><a href="list-versions.html">list-versions</a></li>
<li><a href="checkout.html">checkout</a></li>
<li><a href="checkin.html">checkin</a></li>
<li><a href="uncheckout.html">uncheckout</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<li><a href="add-repository.html">add-repository</a></li>
429
1607450065ba this could be the 1.2 release
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 320
diff changeset
<li><a href="remove-repository.html">remove-repository</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<li><a href="list-repositories.html">list-repositories</a></li>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<li><a href="repository-url.html">repository-url</a></li>
<li><a href="add-user.html">add-user</a></li>
<li><a href="remove-user.html">remove-user</a></li>
<li><a href="edit-user.html">edit-user</a></li>
<li><a href="list-users.html">list-users</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
<li><a href="check-config.html">check-config</a></li>
</ul>
<li><a href="configuration.html">Configuration</a></li>
<li><a href="encryption.html">Encryption</a></li>
</ul>
</div>
<div class="nav">
<h3>dav-sync</h3>
<ul>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<li><a href="introduction.html">Introduction</a></li>
<li><a href="sync-commands.html">Commands</a></li>
<ul>
<li><a href="pull.html">pull</a></li>
<li><a href="push.html">push</a></li>
320
12ed560c926c adds documentation for new features
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 285
diff changeset
<li><a href="archive.html">archive</a></li>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<li><a href="restore.html">restore</a></li>
<li><a href="list-conflicts.html">list-conflicts</a></li>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<li><a href="resolve-conflicts.html">resolve-conflicts</a></li>
<li><a href="delete-conflicts.html">delete-conflicts</a></li>
<li><a href="trash-info.html">trash-info</a></li>
<li><a href="empty-trash.html">empty-trash</a></li>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<li><a href="list-versions.html">list-versions</a></li>
429
1607450065ba this could be the 1.2 release
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 320
diff changeset
<li><a href="add-tag.html">add-tag</a></li>
<li><a href="remove-tag.html">remove-tag</a></li>
<li><a href="set-tags.html">set-tags</a></li>
<li><a href="list-tags.html">list-tags</a></li>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<li><a href="add-directory.html">add-directory</a></li>
<li><a href="list-directories.html">list-directories</a></li>
<li><a href="sync-check-config.html">check-config</a></li>
<li><a href="check-repositories.html">check-repositories</a></li>
</ul>
<li><a href="sync-configuration.html">Configuration</a></li>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
</ul>
</div>
</div>

<!-- begin content -->
<div class="content">
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<header>
283
0e36bb75a732 adds dav-sync introduction and sync.xml documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 281
diff changeset
<h1 class="title">Encryption</h1>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
</header>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<p>The davutils programs have an integrated client-side encryption feature that allows you to encrypt and decrypt on the fly with AES256 or AES128. To use this feature, the server <strong>must</strong> support WebDAV dead properties.</p>
704
8b88efcbf56f update html doc
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 563
diff changeset
<p>The tools support both encryption of the resource content and encryption of the resource name. Each resource is encrypted separately. With name encryption activated, the actual resource name is disguised by a random name, but the name used by the client is stored encrypted as a WebDAV property. This means an attacker can see the directory structure and the file length, but cannot guess the file names or, in particular, which files have the same name.</p>
275
fa48ab29abd2 adds more details to add-directory.md
Mike Becker <universe@uap-core.de>
parents: 273
diff changeset
<p>To enable encryption, a key must be configured in <code>$HOME/.dav/config.xml</code>. A key must have a unique name. To access encrypted resources, all clients must configure the same key with the same name. Currently, a key can only be loaded from a file and cannot be generated from a password.</p>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<p>A configuration for a key looks like:</p>
<pre><code>&lt;key&gt;
    &lt;name&gt;mykey1&lt;/name&gt;
    &lt;file&gt;keys/mykey1&lt;/file&gt;
&lt;/key&gt;</code></pre>
<p>The file path must be relative to <code>$HOME/.dav/</code>. In this example the file <code>$HOME/.dav/keys/mykey1</code> is loaded.</p>
281
ddb5e8f2a43d some more minor doc improvements
Mike Becker <universe@uap-core.de>
parents: 275
diff changeset
<p>To generate a key, use <strong><code>dd</code></strong> on Unix-like systems. The following command generates a 256-bit (32-byte) key for AES256 encryption.</p>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<pre><code>dd if=/dev/random of=mykey1 bs=32 count=1</code></pre>
281
ddb5e8f2a43d some more minor doc improvements
Mike Becker <universe@uap-core.de>
parents: 275
diff changeset
<p>After a key is configured, you can enable encryption/decryption in two ways. You can use the dav option <strong><code>-c</code></strong> to enable encryption and specify your key with the <strong><code>-k</code></strong> option. Alternatively, you can enable encryption by default for a repository in the config.xml file. You may also choose to specify only the default key and use <strong><code>-c</code></strong> wherever you would like to use encryption.</p>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<pre><code>&lt;repository&gt;
    &lt;name&gt;myrepo&lt;/name&gt;
    &lt;url&gt;http://example.com/webdav/&lt;/url&gt;

    &lt;default-key&gt;mykey1&lt;/default-key&gt;
    &lt;full-encryption&gt;true&lt;/full-encryption&gt;
&lt;/repository&gt;</code></pre>
<p>See <a href="./configuration.html">Configuration</a> for details.</p>
<h2 id="internals">Internals</h2>
<p>When a resource is encrypted, some crypto properties (namespace: http://davutils.org/) are set for the resource.</p>
<ul>
<li>crypto-key: Contains the name of the key used for encryption. The presence of this property indicates that the resource is encrypted.</li>
281
ddb5e8f2a43d some more minor doc improvements
Mike Becker <universe@uap-core.de>
parents: 275
diff changeset
<li>crypto-hash: A hash of the cleartext, encrypted and base64 encoded.</li>
273
c743721d566f more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 266
diff changeset
<li>crypto-name: The name of the resource, encrypted and base64 encoded. This property is not used if name encryption is disabled.</li>
</ul>
266
8c44c5919691 more documentation
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
</div>
<!-- end content -->
</body>
</html>
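The key-file steps documented above (generate with `dd`, store under `$HOME/.dav/`), as an added shell example that is not part of the davutils documentation or code: it creates the key with owner-only permissions, discards a key left short by a partial read, and audits an existing key file. The function names and the `DAV_KEY_SOURCE` override are assumptions made for this example, as is treating a 16-byte file as an AES128 key.

```shell
#!/bin/sh
# Added example, not davutils code. Usage once sourced:
#   gen_dav_key "$HOME/.dav/keys/mykey1" && check_dav_key "$HOME/.dav/keys/mykey1"

# Create FILE with BYTES (default 32) random bytes; never overwrite an existing key,
# because resources encrypted with the old key would become unreadable.
gen_dav_key() {
    out=$1; bytes=${2:-32}
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing key: $out" >&2; return 1
    fi
    # umask in a subshell: the file is created 0600 and the caller's umask is untouched.
    # DAV_KEY_SOURCE is a hypothetical override; the default is the page's /dev/random.
    ( umask 077
      dd if="${DAV_KEY_SOURCE:-/dev/random}" of="$out" bs="$bytes" count=1 2>/dev/null
    ) || return 2
    # dd with count=1 issues a single read; a short read would leave a truncated key.
    if [ "$(wc -c < "$out" | tr -d ' ')" -ne "$bytes" ]; then
        rm -f "$out"
        echo "short read from random source, key discarded" >&2; return 3
    fi
}

# Print "aes128" or "aes256" when FILE is a private key file of a valid AES length;
# otherwise explain the problem on stderr and return non-zero.
check_dav_key() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "key accessible by group or others: $f" >&2; return 2
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    case $size in
        16) echo aes128 ;;
        32) echo aes256 ;;
        *)  echo "unexpected key length: $size bytes" >&2; return 3 ;;
    esac
}
```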
