1.1.0 • Published 7 years ago
manta-encryption v1.1.0
Manta Client Encryption
API
put(path, stream, { client, key, keyId, cipher }, callback)
path
: path to save file to in Mantastream
: file to put to Mantaclient
: Manta client instancekey
: private key to use for encryptionkeyId
: ID for key, will be saved with file metadatacipher
: encryption cipher to use in the form alg/width/mode (e.g.aes/192/cbc
)
The callback
has the signature (err, stream, res)
get(path, { client, getKey }, callback)
path
: Manta path to file to downloadclient
: Manta client instancegetKey
: function that takes akeyId
and returns in the callback the key. The callback has the form(err, key)
The callback
has the signature (err, stream, res)
Security Checks
- The encrypted file has an HMAC generated for it using sha256 to detect tampering
- The unencrypted file is hashed and compared to the original, as well as the original byte length, to detect tampering
Security Considerations
- Do not store the private key in the same place/datacenter as you are storing the encrypted files
See example.js for usage examples.