Goal

I'm a little tired this Sunday morning, so I'm going to set what I hope is a modest goal:

  • Start of encryption: obnam chunk encrypt and obnam chunk decrypt that are like encode and decode, but with an extra required option --key KEY.
  • Change obnam chunk inspect to support encrypted chunks: shows what is in the encrypted chunk before encrypting, and if given a key, what is in a decrypted chunk as well.

The acceptance criterion is that an encryption round trip works and this is verified by a Subplot scenario.

Plan

  • Add the encrypt and decrypt commands, as placeholders, without actual encryption, but with all the scaffolding in place. What will eventually be encrypted data will just be an encoded clear text chunk.
  • Make sure inspect handles this.
  • Add actual encryption using the aes-gcm-siv crate.

Notes

  • Made tea.

Placeholder commands

  • Copy-pasted the encode and decode commands, and renamed the copies. Ditto the verification scenarios. This works, but of course no encryption happens.
  • Next I want to wrap the clear text chunk in a way that enables me to store ciphertext later, when I get there. The same concerns about versioning apply as for clear text chunks, so I'm going to just copy the same structure.
  • For now I'm simulating the encryption by merely encoding the clear text chunk in binary form.
  • That was pretty straightforward, for once.
  • When inspecting a chunk that may be encrypted or not, I would prefer to not make the user tell which it is, by default. It'll be more convenient to have the program try to detect this automatically, but allow the user to specify what they expect, for completeness. In either case, the output will differ.
  • This means encrypted and clear text chunks need different magic cookies so that they can be told apart.
  • Do I want to retain the possibility of having clear text chunks? I guess it may be helpful for debugging later.
  • I can be lazy and drop the inspect auto-detection, or I can make duplicate cookies for encrypted chunk encoding.
  • In either case, the output should say if the input was encrypted or clear text.
  • Ran into a bug. Encrypted chunk only contains the text of the clear text chunk, not the whole clear text chunk encoding. But can't see where this happens.
  • No, it does. I'm just confused. Maybe too tired.
  • Oh, I see what's going on. My code for inspecting an encrypted chunk doesn't decode the ciphertext as a clear text chunk.
  • Fixed that.
  • I now realize that numbering cookies is an unnecessary cognitive burden. I'll rename them to COOKIE_JSON and COOKIE_POSTCARD for clarity.
  • Also add separate cookies for encrypted chunks. It's just tidier that way.
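
The cookie-based auto-detection described in the list above, as an added example that is not from the author's code. The cookie values, the layout (an 8-byte cookie followed by the payload) and the names COOKIE_ENC_JSON, COOKIE_ENC_POSTCARD, encrypt_placeholder and inspect are assumptions; as at this stage of the session, the "ciphertext" is just the encoded clear text chunk.

```rust
// Added example: cookie values and the cookie+payload layout are assumed, not Obnam's format.
const COOKIE_JSON: &[u8] = b"CLR-JSON";
const COOKIE_POSTCARD: &[u8] = b"CLR-PCRD";
const COOKIE_ENC_JSON: &[u8] = b"ENC-JSON"; // hypothetical name
const COOKIE_ENC_POSTCARD: &[u8] = b"ENC-PCRD"; // hypothetical name

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Kind { Clear, Encrypted }
#[derive(Debug, PartialEq)]
pub enum InspectError { TooShort, UnknownCookie, Unexpected(Kind), NotClearInside }
#[derive(Debug, PartialEq)]
pub struct Report { pub kind: Kind, pub encoding: &'static str, pub payload: Vec<u8> }

// Split a chunk into (kind, wrapper encoding, bytes after the cookie).
fn split(data: &[u8]) -> Result<(Kind, &'static str, &[u8]), InspectError> {
    if data.len() < 8 { return Err(InspectError::TooShort); }
    let (cookie, rest) = data.split_at(8);
    let (kind, encoding) = if cookie == COOKIE_JSON { (Kind::Clear, "json") }
        else if cookie == COOKIE_POSTCARD { (Kind::Clear, "postcard") }
        else if cookie == COOKIE_ENC_JSON { (Kind::Encrypted, "json") }
        else if cookie == COOKIE_ENC_POSTCARD { (Kind::Encrypted, "postcard") }
        else { return Err(InspectError::UnknownCookie) };
    Ok((kind, encoding, rest))
}

// Placeholder "encryption": the ciphertext is the whole encoded clear chunk.
pub fn encrypt_placeholder(clear_chunk: &[u8]) -> Vec<u8> {
    [COOKIE_ENC_POSTCARD, clear_chunk].concat()
}

// Auto-detect the kind from the cookie; `expect` is the optional user override.
pub fn inspect(data: &[u8], expect: Option<Kind>) -> Result<Report, InspectError> {
    let (kind, encoding, rest) = split(data)?;
    if expect.map_or(false, |want| want != kind) { return Err(InspectError::Unexpected(kind)); }
    let payload = match kind {
        Kind::Clear => rest.to_vec(),
        // The "ciphertext" must itself decode as a clear text chunk.
        Kind::Encrypted => match split(rest)? {
            (Kind::Clear, _, inner) => inner.to_vec(),
            _ => return Err(InspectError::NotClearInside),
        },
    };
    Ok(Report { kind, encoding, payload })
}

fn main() {
    let clear = [COOKIE_JSON, &b"hello"[..]].concat(); // constructed sample chunk
    println!("{:?}", inspect(&encrypt_placeholder(&clear), None));
}
```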

Running out of time

I'm running out of time. I reached my goal, so that's fine, but if I had more time today, I could move on to actually adding encryption. As it is, I'm not going to merge this code. I'll add the encryption support first. Pushed a Radicle patch and CI runs fine on that, at least. This is a good place to pause until next time.

Summary

  • It's not often a good idea to write code when tired, but sometimes needs must.
  • I have all the scaffolding in place to actually implement encryption next time. I'd like to do at least two methods, one using the aes-gcm-siv crate. Not sure what the other one will be, but if nothing else, I can do "XOR on key". That's an awful encryption method, but the goal here would be to make sure I have at least two so that wherever my code does encryption or decryption, it handles all the cases.

Comments?

If you have feedback on this development session, please use the following fediverse thread: https://toot.liw.fi/@liw/114289873434226266