💾 Archived View for gemini.complete.org › encrypting-filespooler-jobs-with-age captured on 2024-12-17 at 10:00:40. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-07-09)

-=-=-=-=-=-=-

Encrypting Filespooler Jobs with Age

Like the process described in Encrypting Filespooler Jobs with GPG[1], Filespooler[2] can handle packets Encrypted[3] with Age (Encryption)[4]. Age may be easier than GnuPG in a number of cases, particularly because it can use a person's existing SSH keypairs for encryption.

1: /encrypting-filespooler-jobs-with-gpg/

2: /filespooler/

3: /encrypted/

4: /age-encryption/

This process is fundamentally quite similar to handling encryption with GnuPG: we'll be adding an encryption command in the pipe after prepare, and adding a decoder to the queue processing commands.

How to use age

First, let's generate our keypair:

$ age-keygen -o test.age.sec
Public key: age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh

Now, the sender needs to know that public key and the recipient needs to have the `test.age.sec` file. So, say we have done `fspl queue-init -q ~/q` and want to add a packet to it:

sender$ echo hi \
  | fspl prepare -i - -s ~/seq \
  | age -e -r age1apfzl3df26aur7rd0stps75gf6fretpdjwhtvjm7t3uru47sjqvsvmx0sh \
  | fspl queue-write -q ~/q

OK, that's the encryption bit. How about the decryption?

receiver$ $ fspl queue-ls -q /tmp/q -d 'age -d -i test.age.sec'
ID                   creation timestamp          filename
1                    2022-05-20T22:52:39-05:00   fspl-c537c39d-984d-4dc6-b488-9048124b8d75.fspl

That's all there was to it! We gave `queue-ls` (could have easily been `queue-process` or some such also) the decoder that caused age to decode the data using the secret key. Done!

--------------------------------------------------------------------------------

Links to this note

5: /introduction-to-filespooler/

It seems that lately I've written several shell implementations of a simple queue that enforces ordered execution of jobs that may arrive out of order. After writing this for the nth time in bash, I decided it was time to do it properly. But first, a word on the *why* of it all.

6: /encrypting-filespooler-jobs-with-gpg/

Thanks to Filespooler[7]'s support for decoders, data for filespooler can be Encrypted[8] at rest and only decrypted when Filespooler needs to scan or process a queue.

7: /filespooler/

8: /encrypted/

9: /filespooler/

Filespooler lets you request the remote execution of programs, including stdin and environment. It can use tools such as S3, Dropbox, Syncthing[10], NNCP[11], ssh, UUCP[12], USB drives, CDs, etc. as transport; basically, a filesystem is the network for Filespooler.
Filespooler is particularly suited to distributed and Asynchronous Communication[13].

10: /syncthing/

11: /nncp/

12: /uucp/

13: /asynchronous-communication/

More on www.complete.org

Homepage

Interesting Topics

How This Site is Built

About John Goerzen

Web version of this site

(c) 2022-2024 John Goerzen