Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 60638 invoked from network); 13 Apr 2011 05:35:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Apr 2011 05:35:21 -0000 Received: (qmail 30449 invoked by uid 500); 13 Apr 2011 05:35:20 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 30192 invoked by uid 500); 13 Apr 2011 05:35:19 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 30181 invoked by uid 99); 13 Apr 2011 05:35:17 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Apr 2011 05:35:17 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of bchesneau@gmail.com designates 209.85.214.52 as permitted sender) Received: from [209.85.214.52] (HELO mail-bw0-f52.google.com) (209.85.214.52) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Apr 2011 05:35:10 +0000 Received: by bwj24 with SMTP id 24so581336bwj.11 for ; Tue, 12 Apr 2011 22:34:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=/NrpGUy9R7/2FEhXjBjD/MOsy9bLd6SDximb/C+nCQk=; b=lcRmsO0TnBgYXs2bnjkzNVOb4IXAybPVOephr3xDF4OIp0ou1vgWtzTZIy33vX8Hvd lVRx+bOjsb4HHo+bgSjJErvL/CkM7GjLoeksj1gOW6uDLNTbw3Z4HMLbkRAzCGW9FhAq GPCgYP/KCpkgdR53FerKcQ8Wdm6EwF3YPJTZg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=KZf+LeJ3hDDAGryVRr3FWbXer2RNdHrJJ5XmTRUEAc4eEbEJ2c9Nea8OmkkzmV49vf 4WibyqYc3h6DRZgBvyUzoUyh+i7LWF3fawC5JlRLck64o1UaqTRCueY5mCcuOKcFo4dO 5Hc4dN4QFEngxgzGIGRNYMRYYB0+o0QrEIzEI= MIME-Version: 1.0 Received: by 10.204.224.2 with SMTP id im2mr7104057bkb.103.1302672889550; Tue, 12 Apr 2011 22:34:49 -0700 (PDT) Received: by 10.204.130.81 with HTTP; Tue, 12 Apr 2011 22:34:49 -0700 (PDT) In-Reply-To: <3746963615976933497@unknownmsgid> References: <1383643868066120172@unknownmsgid> <3746963615976933497@unknownmsgid> Date: Wed, 13 Apr 2011 07:34:49 +0200 Message-ID: Subject: Re: Encrypting attachments From: Benoit Chesneau To: "user@couchdb.apache.org" Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org On Tuesday, April 12, 2011, Travis Jensen wrote: > On Apr 12, 2011, at 11:41 AM, Benoit Chesneau wrote= : > >> On Tue, Apr 12, 2011 at 7:33 PM, Travis Jensen = wrote: >>> If I wanted to encrypt all attachments, where would I go about hooking >>> in to couch? I'm guessing I would have to replace the current >>> attachment handler, right? >>> >>> I haven't started digging on this; I thought it might be useful to get >>> some feedback first. >>> >>> Thanks >>> >>> Tj >>> >>> - >>> Travis Jensen >>> >> >> for better security I would encode them at the client level so the >> server isn't aware of the decryption key or anything. >> >> - beno=EEt > > While I totally agree with you, it isn't really practical for > web-based applications. > > Tj > > - > Travis Jensen > Yo can imagine to have private gateway from where mobile and web clents can access, so the server knows nothing about the encryltion and you cgan replicate it safely, the gateway will only need to point the current online storage. Something done by tahoe-lafs for ex. -benoit