UFilippo Valsorda, i-cryptographer enoxanduva lokhuseleko lwe-Go programming language kuGoogle, upapashe ukhupho lokuqala oluzinzileyo lwesixhobo esitsha sofihlo lwedatha, Ubudala (Enyanisweni Ufihlo Oluhle). Isixhobo sibonelela ngojongano lomgca womyalelo olula wokuguqulela iifayile usebenzisa i-symmetric (password) kunye ne-asymmetric (isitshixo sikawonkewonke) i-cryptographic algorithms. Ikhowudi yeprojekthi ibhalwe kwi-Go kwaye isasazwe phantsi kwelayisensi ye-BSD. Ulwakhiwo lulungiselelwe iLinux, iFreeBSD, iMacOS kunye neWindows.
Imisebenzi esisiseko ibandakanyiwe kwithala leencwadi elinokuthi lisetyenziswe ukudibanisa ukusebenza okubonelelwa ngumsebenzi kwiinkqubo zakho. Ngokwahlukileyo, ngaphakathi kwesakhelo seprojekthi yomsindo, enye indlela yokuphunyezwa kwesixhobo esifanayo kunye nethala leencwadi, elibhalwe ngolwimi lweRust, liyaphuhliswa. Ukufihla, i-algorithms eqinisekisiweyo isetyenzisiweyo: I-HKDF (i-HMAC-based Extract-and-Expand Key Derivation Function), SHA-256, HMAC (Hash-based Message Authentication Code), X25519, Scrypt kunye ne-ChaCha20-Poly1305 AEAD.
Phakathi kweempawu ze-Age, ezi zilandelayo zivelele: ukukwazi ukusebenzisa i-compact 512-bit izitshixo zikawonkewonke, zidluliselwe ngokulula ngebhodi eqhotyoshwayo; Ujongano lwelayini yomyalelo olula ayilayishwanga kakhulu ngokhetho; ukungabikho kweefayile zoqwalaselo; Ukubanakho kokusetyenziswa kwizikripthi kunye nokudityaniswa nezinye izinto eziluncedo ngokwakha ikhonkco leefowuni kwisitayile seUNIX. Zombini ukuvelisa izitshixo zakho ezidibeneyo kunye nokusebenzisa izitshixo ze-SSH ezikhoyo ("ssh-ed25519", "ssh-rsa") ziyaxhaswa, kuquka inkxaso yeefayile zeGithub.keys. $ ubudala-keygen -o isitshixo.txt Isitshixo sikawonke-wonke: iminyaka1ql3z7hjy58pw3hyww5ayyfg7zqgvc7w3j2elw2zmrj2kg5sfn9bqmcac8p $ tar cvz ~/data | I-Age1Ql3z7z58z3hjy5pw7yhywwww7ykgvcy i-pg > umzekelo.jpg.age $ ubudala -d -i ~/.ssh/id_ed3 example.jpg.age > example.jpg
Kukho indlela yoguqulelo oluntsonkothileyo lwefayile yabamkeli abaninzi ngexesha elinye, apho ifayile iguqulelwa ngokuntsonkotha ngaxeshanye kusetyenziswa izitshixo ezininzi zikawonke-wonke kwaye uluhlu ngalunye lwabamkeli lunokuyicima. Izixhobo zikwabonelelwe nge-symmetric password-based encryption yefayile kunye nokukhusela iifayile zesitshixo zabucala ngokuzifihla usebenzisa igama eliyimfihlo. Inqaku eliluncedo kukuba ungenisa igama eliyimfihlo elingenanto ngexesha loguqulelo oluntsonkothileyo, into eluncedo iya kuvelisa ngokuzenzekelayo kwaye inikeze igama eligqithisiweyo elomeleleyo. $ yobudala -p secrets.txt > secrets.txt.age Faka ibinzana lokugqithisa (shiya ingenanto ukuze uzenzele ekhuselekileyo): Usebenzisa ibinzana logqitho elenziwe ngokuzenzekelayo "release-response-step-brand-wrap-ankle-pair-unusual-sword-train" . $ ubudala -d secrets.txt.age > secrets.txt Faka igama lokugqithisa: $ age-keygen | Ubudala -p> isitshixo. ubudala. ubudala Uluntu: Ubudala1YHM4GFTWFMRPZ87TDSLM530WRX6M79YY9F2HDZTAHNEHNEHNEHNEHNEHNEHPQRJPYX0 FAKA I-PASSPHRASE (Shiya ingenanto ukuze Uzenzele i-aCure One): Ukusebenzisa i-Autogened-MEHMHI-SPphrake-I-Autogened-MEHH-SPph INPUT-Umdlali".
Izicwangciso zexesha elizayo ziquka ukudalwa kwe-backend yokugcina amagama ayimfihlo kunye nomncedisi wezitshixo ezabelwana ngazo (i-PAKE), inkxaso ye-YubiKey keys, ukukwazi ukuvelisa izitshixo ezilula ukukhumbula ngendlela yesethi yamagama, kunye nokudala. yesixhobo sokunyuswa kwexesha lokunyuswa kweefayile ezifihliweyo okanye ugcino kwiFS.
umthombo: opennet.ru