aol / mrcrypt Goto Github PK
View Code? Open in Web Editor NEWA command-line tool that uses AWS KMS to encrypt secrets once, and decrypts them from multiple AWS regions.
License: Other
mrcrypt's People
Contributors
Stargazers
Watchers
mrcrypt's Issues
Add re-encrypt command
We should add the ability to re-encrypt files that are using the old uncompressed points, as suggested by @mattsb42-aws in #8.
Related: #10
Warning for files using an uncompressed key
If the user is decrypting a file that was encrypted with an uncompressed key, we should print out a warning telling them this.
update mrcrypt to use aws-encryption-cli for the majority of its logic
I know that we have previously discussed the possibility of mrcrypt migrating to use the AWS Encryption SDK for Python internally. However, now that we have released the AWS Encryption SDK CLI, I think that the best route to achieve this is to build on top of the CLI rather than the SDK directly.
The AWS Encryption SDK CLI provides all of the functionality of mrcrypt (with two exceptions that I discuss below), just with a different interface. So, what I think would make the most sense is to keep the mrcrypt parser and add a layer that translates the parsed arguments to arguments for the AWS Encryption SDK CLI.
I have a PoC put together on my fork that implements this. Before going any deeper, does this look like a direction that you would be interested in taking mrcrypt?
There are two places where the AWS Encryption SDK CLI (by design) does not match mrcrypt's feature set:
- uncompressed ECDSA public keys
- output file permissions
In the PoC, I address the uncompressed ECDSA public key problem with a custom cryptographic materials manager.
When we were looking at the question of what permissions to use for output files, we came to the conclusion that the AWS Encryption SDK CLI should not make any specific statements about the permissions, and instead simply honor the umask (on POSIX) or the parent directory permissions (on Windows). However, if you want to retain mrcrypt's behavior of setting specific permissions on the output files, this could be implemented by collecting the output metadata from the AWS Encryption SDK CLI, parsing it to determine what files were created, and changing the permissions on those files.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.