Hi there, sorry for the stupid question.
Having read the specification, I was a bit unsure about one thing: after encryption, are age recipient ids or ssh public keys (or anything that can be used to produce a forged file for the given recipient) embedded in the encrypted blob such that any person can decode them and encrypt random data with them?
To describe the background a bit:
I want to distribute age encrypted files with the respective hash of the recipient identity in order to identify file blobs by who created them but not make it possible to forge new encrypted files by the people having the encrypted files.
This probably relates to #229. As far as I could get from the blog post, as long as you keep your age recipient ids private you should be (fairly) certain that nobody forges new files that can be decrypted with your private key.
If this understanding is correct: Is this a general property holding for all recipient types like ssh or the yubikey recipient? Looking at the spec it says that "an identifier of the specific recipient (for example, a short hash of the public key)" may be included. Is this something that depends on plugin implementations whether they include merely a hash or the whole id?