Avi Freedman’s Techdirt Profile

avifreedman

About Avi Freedman




Avi Freedman’s Comments

  • Aug 27th, 2013 @ 10:04pm

    Re: encryption keys on Sealand

    Actually, the idea about key storage specifically is to be able to store encrypted copies of your keys (that HavenCo doesn't have the ability to decrypt) in case you lose them.

    Somewhat like the keys or boot disks you get with drive encryption software.

    This becomes particularly important (or, has been an asked-for augment to the offering) with LAFS, since the file *name* ("capability") in LAFS has the decryption key as part of it. So for users not already running drive encryption, they need to store those names on an encrypted partition or in an encrypted file.

    Could be done by users on S3, a Google Doc, email to Gmail or elsewhere, but people have asked for it as part of a service.
  • Aug 27th, 2013 @ 10:00pm

    Re: metadata

    Using LAFS for file storage, the metadata is encrypted as well - so HavenCo or any other LAFS-based operator wouldn't know exactly what chunks of data go with what files. There are downsides to that - file consistency can't be checked since we don't know what chunks go with what files, and what files or directories go with what parent directories.

    With the S3-compatible offering, metadata is not encrypted as well. When users enable AES-256 on clients such as Cyberduck or SME, the contents and name of the files/objects are encrypted, but we do have the ciphertext (encrypted data) grouped by file.
