1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
1 <!DOCTYPE html> |
2 <html xmlns="http://www.w3.org/1999/xhtml"> |
2 <html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang=""> |
3 <head> |
3 <head> |
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
4 <meta charset="utf-8" /> |
5 <meta http-equiv="Content-Style-Type" content="text/css" /> |
|
6 <meta name="generator" content="pandoc" /> |
5 <meta name="generator" content="pandoc" /> |
|
6 <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" /> |
7 <title>Encryption</title> |
7 <title>Encryption</title> |
8 <style type="text/css">code{white-space: pre;}</style> |
8 <style type="text/css"> |
9 <link rel="stylesheet" href="davdoc.css" type="text/css" /> |
9 code{white-space: pre-wrap;} |
|
10 span.smallcaps{font-variant: small-caps;} |
|
11 span.underline{text-decoration: underline;} |
|
12 div.column{display: inline-block; vertical-align: top; width: 50%;} |
|
13 </style> |
|
14 <link rel="stylesheet" href="davdoc.css" /> |
|
15 <!--[if lt IE 9]> |
|
16 <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script> |
|
17 <![endif]--> |
10 </head> |
18 </head> |
11 <body> |
19 <body> |
12 <div class="header"> |
20 <div class="header"> |
13 <a href="./index.html"><span>DavUtils documentation</span></a> |
21 <a href="./index.html"><span>DavUtils documentation</span></a> |
14 </div> |
22 </div> |
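Review bot: the html5shiv `<script>` added inside the `<!--[if lt IE 9]>` block of `<head>` makes this documentation page pull executable code from a third-party CDN, using a protocol-relative URL (`//cdnjs.cloudflare.com/...`) and no `integrity` attribute. A protocol-relative URL inherits the page's scheme, so the script is requested over plain HTTP when the docs are served that way and does not resolve to the CDN at all when the page is opened from `file://`. Only legacy IE evaluates the conditional comment, so either drop the block from the pandoc template or ship the file next to `davdoc.css` and reference it locally. In the same hunk, `lang=""` and `xml:lang=""` on `<html>` are empty; set them to the document language or leave them out.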
24 <li><a href="put.html">put</a></li> |
32 <li><a href="put.html">put</a></li> |
25 <li><a href="mkdir.html">mkdir</a></li> |
33 <li><a href="mkdir.html">mkdir</a></li> |
26 <li><a href="remove.html">remove</a></li> |
34 <li><a href="remove.html">remove</a></li> |
27 <li><a href="copy.html">copy</a></li> |
35 <li><a href="copy.html">copy</a></li> |
28 <li><a href="move.html">move</a></li> |
36 <li><a href="move.html">move</a></li> |
|
37 <li><a href="rename.html">rename</a></li> |
29 <li><a href="export.html">export</a></li> |
38 <li><a href="export.html">export</a></li> |
30 <li><a href="import.html">import</a></li> |
39 <li><a href="import.html">import</a></li> |
31 <li><a href="get-property.html">get-property</a></li> |
40 <li><a href="get-property.html">get-property</a></li> |
32 <li><a href="set-property.html">set-property</a></li> |
41 <li><a href="set-property.html">set-property</a></li> |
33 <li><a href="remove-property.html">remove-property</a></li> |
42 <li><a href="remove-property.html">remove-property</a></li> |
34 <li><a href="lock.html">lock</a></li> |
43 <li><a href="lock.html">lock</a></li> |
35 <li><a href="unlock.html">unlock</a></li> |
44 <li><a href="unlock.html">unlock</a></li> |
36 <li><a href="info.html">info</a></li> |
45 <li><a href="info.html">info</a></li> |
37 <li><a href="date.html">date</a></li> |
46 <li><a href="date.html">date</a></li> |
|
47 <li><a href="versioncontrol.html">versioncontrol</a></li> |
|
48 <li><a href="list-versions.html">list-versions</a></li> |
|
49 <li><a href="checkout.html">checkout</a></li> |
|
50 <li><a href="checkin.html">checkin</a></li> |
|
51 <li><a href="uncheckout.html">uncheckout</a></li> |
38 <li><a href="add-repository.html">add-repository</a></li> |
52 <li><a href="add-repository.html">add-repository</a></li> |
39 <li><a href="remove-repository.html">remove-repository</a></li> |
53 <li><a href="remove-repository.html">remove-repository</a></li> |
40 <li><a href="list-repositories.html">list-repositories</a></li> |
54 <li><a href="list-repositories.html">list-repositories</a></li> |
|
55 <li><a href="repository-url.html">repository-url</a></li> |
|
56 <li><a href="add-user.html">add-user</a></li> |
|
57 <li><a href="remove-user.html">remove-user</a></li> |
|
58 <li><a href="edit-user.html">edit-user</a></li> |
|
59 <li><a href="list-users.html">list-users</a></li> |
41 <li><a href="check-config.html">check-config</a></li> |
60 <li><a href="check-config.html">check-config</a></li> |
42 </ul> |
61 </ul> |
43 <li><a href="configuration.html">Configuration</a></li> |
62 <li><a href="configuration.html">Configuration</a></li> |
44 <li><a href="encryption.html">Encryption</a></li> |
63 <li><a href="encryption.html">Encryption</a></li> |
45 </ul> |
64 </ul> |
51 <li><a href="sync-commands.html">Commands</a></li> |
70 <li><a href="sync-commands.html">Commands</a></li> |
52 <ul> |
71 <ul> |
53 <li><a href="pull.html">pull</a></li> |
72 <li><a href="pull.html">pull</a></li> |
54 <li><a href="push.html">push</a></li> |
73 <li><a href="push.html">push</a></li> |
55 <li><a href="archive.html">archive</a></li> |
74 <li><a href="archive.html">archive</a></li> |
56 <li><a href="list-conflicts.html">list-conflicts</a></li> |
75 <li><a href="restore.html">restore</a></li> |
|
76 <li><a href="list-conflicts.html">list-conflicts</a></li> |
57 <li><a href="resolve-conflicts.html">resolve-conflicts</a></li> |
77 <li><a href="resolve-conflicts.html">resolve-conflicts</a></li> |
58 <li><a href="delete-conflicts.html">delete-conflicts</a></li> |
78 <li><a href="delete-conflicts.html">delete-conflicts</a></li> |
59 <li><a href="trash-info.html">trash-info</a></li> |
79 <li><a href="trash-info.html">trash-info</a></li> |
60 <li><a href="empty-trash.html">empty-trash</a></li> |
80 <li><a href="empty-trash.html">empty-trash</a></li> |
|
81 <li><a href="list-versions.html">list-versions</a></li> |
61 <li><a href="add-tag.html">add-tag</a></li> |
82 <li><a href="add-tag.html">add-tag</a></li> |
62 <li><a href="remove-tag.html">remove-tag</a></li> |
83 <li><a href="remove-tag.html">remove-tag</a></li> |
63 <li><a href="set-tags.html">set-tags</a></li> |
84 <li><a href="set-tags.html">set-tags</a></li> |
64 <li><a href="list-tags.html">list-tags</a></li> |
85 <li><a href="list-tags.html">list-tags</a></li> |
65 <li><a href="add-directory.html">add-directory</a></li> |
86 <li><a href="add-directory.html">add-directory</a></li> |
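Review bot: `list-versions.html` is now linked from two menus, once in the first command list (new line 48, beside `versioncontrol` and `checkout`) and once in this sync command list (new line 81). If these are separate commands, give one of them its own page or make sure the shared page documents both; as it stands both entries lead to the same file.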
72 </div> |
93 </div> |
73 </div> |
94 </div> |
74 |
95 |
75 <!-- begin content --> |
96 <!-- begin content --> |
76 <div class="content"> |
97 <div class="content"> |
77 <div id="header"> |
98 <header> |
78 <h1 class="title">Encryption</h1> |
99 <h1 class="title">Encryption</h1> |
79 </div> |
100 </header> |
80 <p>The davutils programs have an integrated client-side encryption feature, that allows you to encrypt and decrypt on the fly with AES256 or AES128. To use this feature, the server <strong>must</strong> support WebDAV dead properties.</p> |
101 <p>The davutils programs have an integrated client-side encryption feature, that allows you to encrypt and decrypt on the fly with AES256 or AES128. To use this feature, the server <strong>must</strong> support WebDAV dead properties.</p> |
81 <p>The tools support both, encryption of the resource content and encryption of the resource name. Each resource is encrypted separately. With activated name encryption, the actual resource name is disguised by a random name but the name used by the client is stored encrypted as a WebDAV property. This means, an attacker can see the directory structure and the file length, but can't guess the file names and in particular which files have the same name.</p> |
102 <p>The tools support both, encryption of the resource content and encryption of the resource name. Each resource is encrypted separately. With activated name encryption, the actual resource name is disguised by a random name but the name used by the client is stored encrypted as a WebDAV property. This means, an attacker can see the directory structure and the file length, but can’t guess the file names and in particular which files have the same name.</p> |
82 <p>To enable encryption a key must be configured in <code>$HOME/.dav/config.xml</code>. A key must have a unique name. To access encrypted resources, all clients must configure the same key with the same name. Currently a key can only be loaded from a file and not generated from a password.</p> |
103 <p>To enable encryption a key must be configured in <code>$HOME/.dav/config.xml</code>. A key must have a unique name. To access encrypted resources, all clients must configure the same key with the same name. Currently a key can only be loaded from a file and not generated from a password.</p> |
83 <p>A configuration for a key looks like:</p> |
104 <p>A configuration for a key looks like:</p> |
84 <pre><code><key> |
105 <pre><code><key> |
85 <name>mykey1</name> |
106 <name>mykey1</name> |
86 <file>keys/mykey1</file> |
107 <file>keys/mykey1</file> |