Protobuf does not support this

On Friday, February 19, 2016 at 3:57:10 PM UTC-8, Eric Anderson wrote:
>
> Is anyone aware of a library / wrapper for working with encrypted and/or 
> signed data in protobufs (or other similar message description & 
> serialization tools)?
>
> I keep finding myself dealing with messages where all or part of the 
> message is encrypted, like so:
>
> message ThisIsCleartext {
>     optional SomeUnencryptedStuff bar = 1;
>     optional bytes cyphertext = 2;
> }
> message ThisIsEncrypted {
>     optional SomethingSensitive baz = 1;
>     optional SomethingElse quux = 2;
>     // etc.
> }
>
> I’d build them like so:
>
> a = ThisIsEncrypted()
> a.baz = something
> a.quux = something_else
>
> a_str = a.SerializeToString()
> a_enc = SomeEncryptionFunction(a_str, key)
>
> b = ThisIsCleartext()
> b.bar = whatever
> b.cyphertext = a_enc
>
> (Plus some boilerplate like nonces, tags for what cryptosystem is used, 
> etc.)
>
> To access the data, the process is reversed: Access the cleartext protobuf 
> b, pull out the cyphertext as a string/byte array, decrypt it separately, 
> then parse that string to get the (formerly) encrypted protobuf message a.
>
> This works fine, but it’s not particularly elegant, and nothing enforces 
> that bytes cyphertext is actually what it’s supposed to be: an encrypted 
> representation of a ThisIsEncrypted.
>
> Do you know of something better? In my fantasy world, I’d be able to write 
> something like:
>
> message Foo {
>     optional SomeUnencryptedStuff bar = 1;
>     encrypted (cipher_spec) c {
>         optional SomethingSensitive baz = 3;
>         optional SomethingElse quux = 4;
>     }
> }
>
> and access it like:
>
> a = Foo()
> a.bar = this
> a.c.baz = that
> a.c.quux = the other thing
>
> msg = a.SerializeToString()  ## Whoops!  That's BS.  Not encrypted.  Throws an error
>
> a.c.Encrypt(some parameters, some keys, some nonces, whatevs)
> msg = a.SerializeToString()  ## Ok, that works.  a.c contains the cyphertext and tags and stuff
>
> b = Foo()
> b.ParseString(msg)
> print b.c.baz  ## Whoops! Can't access encrypted data
> b.c.Decrypt(some keys)
> print b.c.baz  ## ok
>
> Is there anything like that out there? If not, are there any obvious 
> barriers to implementing it?  Does this seem useful to other people?
>
>
> Cheers,
>
> Eric
>
>
> (pardon any formatting weirdness, I tried to keep the syntax highlighting 
> from https://gist.github.com/ewa/513a87ae1b1b7868d62a here).
>
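
Added example, not part of the original thread and not a protobuf API: the manual serialize-then-encrypt pattern from the quoted message, written in Go with the standard library's AES-GCM. The associated data binds the inner message type name and the cleartext field to the ciphertext, so bytes sealed for a different message type are rejected on open; the function names, the associated-data layout and the all-zero demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmAndAAD returns AES-GCM plus associated data tying type name and cleartext field together.
func gcmAndAAD(key []byte, typ, bar string) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	g, err := cipher.NewGCM(block)
	return g, []byte(fmt.Sprintf("%d:%s%s", len(typ), typ, bar)), err
}

// Seal encrypts inner (the serialized inner message); output is nonce || ciphertext || tag.
func Seal(key []byte, typ, bar string, inner []byte) ([]byte, error) {
	g, aad, err := gcmAndAAD(key, typ, bar)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, inner, aad), nil
}

// Open returns the inner bytes only if key, expected type, cleartext field and ciphertext agree.
func Open(key []byte, typ, bar string, sealed []byte) ([]byte, error) {
	g, aad, err := gcmAndAAD(key, typ, bar)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed field too short: %d bytes", len(sealed))
	}
	return g.Open(nil, sealed[:n], sealed[n:], aad)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real use
	sealed, _ := Seal(key, "ThisIsEncrypted", "bar", []byte("serialized inner message"))
	fmt.Println(Open(key, "SomeOtherMessage", "bar", sealed)) // wrong type: authentication error
}
```

The parsed inner message should only be built from the bytes `Open` returns; on any error the `cyphertext` field is treated as untrusted input.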
