[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Determining key permission bits

To: Andy Lutomirski <luto@amacapital.net>
Subject: Re: Determining key permission bits
From: Colin Percival <cperciva@tarsnap.com>
Date: Fri, 20 Dec 2013 18:22:31 -0800
Cc: tarsnap-users@tarsnap.com
In-reply-to: <CALCETrV2tEj+dr9Nk5Vei7ou3XsUT4NfZdCHfdx7upR=3kN_5Q@mail.gmail.com>
References: <CALCETrVFTFgo4YtnwTD-s0H-8jG_WnMSmWd7RmYMWUrjudtcRQ@mail.gmail.com> <D34E5E2B-0D04-45EC-AC01-688AFDB8B49C@goldmark.org> <CALCETrV2tEj+dr9Nk5Vei7ou3XsUT4NfZdCHfdx7upR=3kN_5Q@mail.gmail.com>

On 12/20/13 08:51, Andy Lutomirski wrote:
> FWIW, ls -l does give some hint -- keys with fewer permissions seem to
> be smaller.

Yes, this is generally correct, although there can be confounding factors -- if
a key file is passphrase-protected then it will be larger than a file with the
same keys but no encryption.

> Also, it would be nice if there was a way to revoke or rotate the delete key.

Hmm, interesting idea.  I wonder what credentials should be used to authorize
a key-rotation request...

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid

Follow-Ups:
- Re: Determining key permission bits
  - From: Andy Lutomirski <luto@amacapital.net>

References:
- Determining key permission bits
  - From: Andy Lutomirski <luto@amacapital.net>
- Re: Determining key permission bits
  - From: Jeffrey Goldberg <jeffrey@goldmark.org>
- Re: Determining key permission bits
  - From: Andy Lutomirski <luto@amacapital.net>

Prev by Date: Re: Determining key permission bits
Next by Date: Re: Determining key permission bits
Previous by thread: Re: Determining key permission bits
Next by thread: Re: Determining key permission bits
Index(es):
- Date
- Thread