docs/html/encryption.html

Thu, 03 Aug 2017 18:29:00 +0200

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Thu, 03 Aug 2017 18:29:00 +0200
changeset 273
c743721d566f
parent 266
8c44c5919691
child 275
fa48ab29abd2
permissions
-rw-r--r--

more documentation

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="generator" content="pandoc" />
<title></title>
<style type="text/css">code{white-space: pre;}</style>
<link rel="stylesheet" href="davdoc.css" type="text/css" />
</head>
<body>
<div class="header">
<span>davutils documentation</span>
</div>
<div class="sidebar">
<div class="nav">
<h3>dav</h3>
<ul>
<li><a href="getting-started.html">Getting started</a></li>
<li><a href="commands.html">Commands</a></li>
<ul>
<li><a href="list.html">list</a></li>
<li><a href="get.html">get</a></li>
<li><a href="put.html">put</a></li>
<li><a href="mkdir.html">mkdir</a></li>
<li><a href="remove.html">remove</a></li>
<li><a href="copy.html">copy</a></li>
<li><a href="move.html">move</a></li>
<li><a href="get-property.html">get-property</a></li>
<li><a href="set-property.html">set-property</a></li>
<li><a href="lock.html">lock</a></li>
<li><a href="unlock.html">unlock</a></li>
<li><a href="info.html">info</a></li>
<li><a href="date.html">date</a></li>
<li><a href="add-repository.html">add-repository</a></li>
<li><a href="list-repositories.html">list-repositories</a></li>
<li><a href="check-config.html">check-config</a></li>
</ul>
<li><a href="configuration.html">Configuration</a></li>
<li><a href="encryption.html">Encryption</a></li>
</ul>
</div>
<div class="nav">
<h3>dav-sync</h3>
<ul>
<li><a href="introduction.html">Introduction</a></li>
<li><a href="sync-commands.html">Commands</a></li>
<ul>
<li><a href="pull.html">pull</a></li>
<li><a href="push.html">push</a></li>
<li><a href="resolve-conflicts.html">resolve-conflicts</a></li>
<li><a href="delete-conflicts.html">delete-conflicts</a></li>
<li><a href="trash-info.html">trash-info</a></li>
<li><a href="empty-trash.html">empty-trash</a></li>
<li><a href="add-directory.html">add-directory</a></li>
<li><a href="list-directories.html">list-directories</a></li>
<li><a href="sync-check-config.html">check-config</a></li>
<li><a href="check-repositories.html">check-repositories</a></li>
</ul>
<li><a href="sync-configuration.html">Configuration</a></li>
</ul>
</div>
</div>

<!-- begin content -->
<div class="content">
<h1 id="encryption">Encryption</h1>
<p>The davutils programs have an integrated client-side encryption feature that allows you to encrypt and decrypt resources on the fly with AES256 or AES128. To use this feature, the server <strong>must</strong> support WebDAV dead properties.</p>
<p>The tools support both encryption of the resource content and encryption of the resource name. Each resource is encrypted separately. With name encryption enabled, the actual resource name is random, and the name used by the client is stored encrypted in WebDAV properties. This means an attacker can see the directory structure and the file length, but can't see which files have the same name.</p>
<p>To enable encryption, a key must be configured in <code>$HOME/.dav/config.xml</code>. A key must have a unique name. To access encrypted resources, all clients must configure the same key with the same name. Currently a key can only be loaded from a file and not generated from a password.</p>
<p>A configuration for a key looks like:</p>
<pre><code>&lt;key&gt;
    &lt;name&gt;mykey1&lt;/name&gt;
    &lt;file&gt;keys/mykey1&lt;/file&gt;
&lt;/key&gt;</code></pre>
<p>The file path must be relative to <code>$HOME/.dav/</code>. In this example the file <code>$HOME/.dav/keys/mykey1</code> is loaded.</p>
<p>To generate a key, use <strong><code>dd</code></strong> on Unix-like systems.</p>
<pre><code>dd if=/dev/random of=mykey1 bs=32 count=1</code></pre>
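<p>An equivalent of the <code>dd</code> step as an added Python example (not davutils code): it writes 32 random bytes to a new key file readable only by the owner, refuses to overwrite an existing key, and returns the matching <code>&lt;key&gt;</code> entry. The function name, the temporary directory standing in for <code>$HOME/.dav</code>, and using the file name as the key name are assumptions.</p>

```python
import os
import secrets
import tempfile
from pathlib import Path
from xml.sax.saxutils import escape


def create_key(dav_dir, rel_path, nbytes=32):
    """Create dav_dir/rel_path with nbytes of OS randomness; return a <key> entry.

    Hypothetical helper: the key name is taken from the file name.
    """
    rel = Path(rel_path)
    # The page requires the <file> path to be relative to the .dav directory.
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError("key path must be relative to the .dav directory")
    target = Path(dav_dir) / rel
    target.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    # O_EXCL: never replace an existing key, since resources encrypted
    # with it could no longer be decrypted. Mode 0600 keeps it owner-only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(secrets.token_bytes(nbytes))
    # Confirm the file really holds a full-length key before configuring it.
    if target.stat().st_size != nbytes:
        raise RuntimeError("key file has unexpected length")
    return (
        "<key>\n"
        f"    <name>{escape(rel.name)}</name>\n"
        f"    <file>{escape(rel.as_posix())}</file>\n"
        "</key>"
    )


if __name__ == "__main__":
    # A temporary directory stands in for $HOME/.dav (assumption).
    with tempfile.TemporaryDirectory() as dav_dir:
        print(create_key(dav_dir, "keys/mykey1"))
```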
<p>After a key is configured, you can enable encryption/decryption in two ways. You can use the dav option <strong><code>-c</code></strong> to enable encryption and specify your key with the <strong><code>-k</code></strong> option. The alternative is to enable encryption by default for a repository in the config.xml file.</p>
<pre><code>&lt;repository&gt;
    &lt;name&gt;myrepo&lt;/name&gt;
    &lt;url&gt;http://example.com/webdav/&lt;/url&gt;

    &lt;default-key&gt;mykey1&lt;/default-key&gt;
    &lt;full-encryption&gt;true&lt;/full-encryption&gt;
&lt;/repository&gt;</code></pre>
<p>See <a href="./configuration.html">Configuration</a> for details.</p>
<h2 id="internals">Internals</h2>
<p>When a resource is encrypted, some crypto properties (namespace: http://davutils.org/) are set for the resource.</p>
<ul>
<li>crypto-key: Contains the name of the key used for encryption. The presence of this property indicates that the resource is encrypted.</li>
<li>crypto-hash: A hash of the cleartext, encrypted and base64-encoded.</li>
<li>crypto-name: The name of the resource, encrypted and base64-encoded. This property is not used if name encryption is disabled.</li>
</ul>
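<p>One way to use these properties for an audit, as an added Python example (not davutils code): it parses a PROPFIND multistatus response and reports resources that lack <code>crypto-key</code>, name a different key, or have no <code>crypto-name</code>. The sample response, its hrefs and property values, and the function name are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
DU = "{http://davutils.org/}"  # namespace of the crypto properties

# Constructed PROPFIND response, not captured from a real server.
SAMPLE = """<D:multistatus xmlns:D="DAV:" xmlns:U="http://davutils.org/">
<D:response><D:href>/webdav/k3Jx9QpL</D:href><D:propstat><D:prop>
  <U:crypto-key>mykey1</U:crypto-key><U:crypto-hash>Y29uc3RydWN0ZWQ=</U:crypto-hash>
  <U:crypto-name>bmFtZQ==</U:crypto-name>
</D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
<D:response><D:href>/webdav/report.pdf</D:href><D:propstat><D:prop>
  <U:crypto-key>mykey1</U:crypto-key><U:crypto-hash>Y29uc3RydWN0ZWQ=</U:crypto-hash>
</D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
<D:response><D:href>/webdav/notes.txt</D:href><D:propstat><D:prop>
  <U:crypto-key/><U:crypto-name/>
</D:prop><D:status>HTTP/1.1 404 Not Found</D:status></D:propstat></D:response>
</D:multistatus>"""


def audit(multistatus_xml, expected_key):
    """Return {href: finding} for resources not encrypted as expected."""
    findings = {}
    for resp in ET.fromstring(multistatus_xml).iter(DAV + "response"):
        href = resp.findtext(DAV + "href")
        props = {}
        for propstat in resp.iter(DAV + "propstat"):
            # Only properties reported with status 200 actually exist.
            if " 200 " not in (propstat.findtext(DAV + "status") or ""):
                continue
            for el in propstat.findall(DAV + "prop/*"):
                if el.tag.startswith(DU):
                    props[el.tag[len(DU):]] = (el.text or "").strip()
        if "crypto-key" not in props:
            findings[href] = "not encrypted (no crypto-key)"
        elif props["crypto-key"] != expected_key:
            findings[href] = "unexpected key name: " + props["crypto-key"]
        elif "crypto-name" not in props:
            findings[href] = "content encrypted, name stored in clear"
    return findings


if __name__ == "__main__":
    for href, finding in audit(SAMPLE, "mykey1").items():
        print(href, "->", finding)
```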
</div>
<!-- end content -->
</body>
</html>