Thomas Heck
e59748951b
Flake input changes: * Updated 'flake-utils': 'github:numtide/flake-utils/3982c9903e93927c2164caa727cd3f6a0e6d14cc' -> 'github:numtide/flake-utils/5466c5bbece17adaab2d82fae80b46e807611bf3' * Updated 'nixpkgs': 'github:NixOS/nixpkgs/74b9241e60c796ff68876f87916062d54c4aa0f5' -> 'github:NixOS/nixpkgs/05f5a9814170cb8a501755722b455ea9f23fd034'
Encrypted CRDTs
Main goal: make an encrypted layer that can be used to store CRDTs on something like syncthing.
tech
Changes are stored as CRDT-Ops or full-States. Resulting files are immutable (files are written only once and never changed after that; but can be deleted) and content-addressable (the name of the file is the hash of its content).
compaction
Before writing out a change the device can decide to do a compaction on the data by writing out the a full-state and removing all merged state and applied op files.
header
- resembles luks (the actual encryption key used for the data isn't derived from the password(s))
- no need to re-encrypt all files after key change (but can be re-encrypted if needed. this requires a compactation and the old encryption key needs to be stored to be able to apply ops coming from other devices that are still using the old key)
- allows password management / multiple passwords
- store header as full-state CRDT