[Format v2] Upgrade mechanism #208
Labels
mlar
Concerns the mlar utility
Milestone
Comments
Open
10 tasks
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thoughts
Add the possibility to upgrade from a format v1 to a format v2 in
mlar.This could be part of the
convertcommand line or a dedicatedupgrade_v1_to_v2sub-action.In the current draft of the format v2, the upgrade consists of:
encryptare left unchangedencryptlayer, the AES-GCM key commitment ([AES-GCM] Add Key Commitment #206) is added and a public PQC key ([Format v2] Consider adding Post-Quantum cryptography with hybrid KEM for the encryption layer #195) is also provided.A possibility is to only update the first bytes of the layer, without re-encrypting the whole archive. But this solution:
The preferred method for now would be like
convert, ie. re-encrypting the whole archive with new keys materials.Implementation
MLA 2 will mainly consist of:
mla2.0.0: hybrid cryptography detailed inCRYPTO.mdfor the momentmlar2.0.0: supports MLA 2 onlyUpgrade mechanism will consist in specific versions of
mlar:mlar-legacy: mlar version that will support extraction (and repair) for MLA 1 and MLA 2 in addition with everythingmlar2 has : best option for current pipelines using MLAmlar-upgrade: mlar archive upgrader from MLA 1 to MLA 2 : option if you decide to only support MLA 2 in your pipelinesThe text was updated successfully, but these errors were encountered: