Implementing a db key validity check on starting the encrypted fs#57
Merged
scottmmorris merged 1 commit intomasterfrom Nov 30, 2021
Merged
Implementing a db key validity check on starting the encrypted fs#57scottmmorris merged 1 commit intomasterfrom
scottmmorris merged 1 commit intomasterfrom
Conversation
15 tasks
scottmmorris
force-pushed
the
key-validation-check
branch
from
a9ab22e to
4f4b0c7
Compare
scottmmorris
force-pushed
the
key-validation-check
branch
from
dce0ee6 to
6eedbc7
Compare
scottmmorris
force-pushed
the
key-validation-check
branch
from
c08e42b to
3ad24a3
Compare
Member
|
This is cool! But we realised we should probably do this against the |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
There needs to be a more explicit way of determining if the db key is valid for the encrypted fs. At the moment, the efs start up continues until it tries to decrypt existing state and cannot because the key is not valid.
To overcome this, a similar pattern to sentinel species will be used. On creation of the efs, we encrypt a known string into the db at the root level. Then on subsequent constructions, we access the string and if we cannot decrypt it then we know that the vault key is invalid and we therefore throw an error. If the string does not exist in the db then we start and put the known string in because we know its a new db.
Tasks
Final checklist