Add SHA256 value of 'before' chunk to xbcrypt payload
Extend the xbcrypt header to include a 'before' encryption crc32/MD5/hash or something so that it can be tested after decompression for validity.
Blueprint information
- Status:
- Complete
- Approver:
- Sergei Glushchenko
- Priority:
- High
- Drafter:
- Sergei Glushchenko
- Direction:
- Needs approval
- Assignee:
- Sergei Glushchenko
- Definition:
- Drafting
- Series goal:
- Accepted for 2.3
- Implementation:
-
Implemented
- Milestone target:
-
2.3.6
- Started by
- Sergei Glushchenko
- Completed by
- Sergei Glushchenko
Related branches
Sprints
Whiteboard
See https:/
When incorrect encryption key specified we should fail with proper error message.
When we are trying to decrypt earlier encrypted backup, we should still keep unencrypted files.
When we are able to verify that files decrypted successfully we should delete encrypted file.
****
xbcrypt format changed as following:
1. Bump XBCRYPT header version number, current is "XBCRYP03"
2. Append 32-byte SHA256 hash of the plaintext to the payload of each
chunk
3. Encrypt plaintext payload and hash all together
4. Both original length and encrypted length fields of the chunk
header are calculated including these extra 32 bytes.
