How to best update remote compressed, encrypted archives incrementally?

robert no-spam at no-spam-no-spam.com
Sat Mar 11 12:25:20 EST 2006


Steven D'Aprano wrote:

> On Sat, 11 Mar 2006 16:09:22 +0100, robert wrote:
> 
> 
>>>Lastly, have you considered that your attempted solution is completely the
>>>wrong way to solve the problem? If you explain _what_ you are wanting to
>>>do, rather than _how_ you want to do it, perhaps there is a better way.
>>
>>So, there seems to be a big barrier for that task, when encryption is on 
>>the whole archive. A complex block navigation within a block cipher 
>>would be required, and obviously there is no such (handy) code already 
>>existing. Or is there an encryption/decryption method which you can 
>>use like a file pipe _and_ which supports 'seek'?
> 
> 
> [snip]
> 
> Let's try again: rather than you telling us what technology you want to
> use, tell us what your aim is. I suspect you are too close to the trees to
> see the forest -- you are focusing on the fine detail. Let's hear the big
> picture: what is the problem you are trying to solve? Because, frankly, as
> far as I can see, the solution you are looking for doesn't exist. But
> maybe I'm too far from the forest to see the individual trees.
> 
> "I need encryption that supports seek" -- no, that's you telling us _how_
> you want to solve your problem.
> 
> Perhaps you can tick some/all of the following requirements:
> 
> - low bandwidth usage when updating the remote site
> 
> - transmission needs to be secure
> 
> - data on the remote site needs to be secure in case of theft or break-ins
> 
> - remote site is under the control of untrusted parties; 
> or remote site is trusted
> 
> - remote site is an old machine with limited processing power and very
> small disk storage; 
> or remote site can be any machine we choose
> 
> - local site needs to run Windows/Macintosh/Linux/BSD/all of the above
> 
> - remote site runs on Windows/Macintosh/Linux/BSD/anything we like
> 
> - we are updating text files/binary files 
> 
> - anything else you can tell us about the nature of your problem 

The main requirement is that it has to become a cohesive, reusable, 
portable (FTP/SFTP standard) functionality as mentioned in the OP. A 
Python module at best. For integration in a bigger Python app, not a 
one-time admin hack with a bunch of tools to be fiddled together on each 
user machine. So the 'how' is mostly == 'what'. It's a Python question so far.

The last 2 methods I mentioned already are maybe a way to a compromise 
(if integrated one-stream encryption cannot be managed).

The only issue remaining: a native Python module for pgp-(pwd 
only)-encryption or another kind of good (commonly supported) 
encryption. ZIP2-encryption itself seems to be too weak? (Still so in 
recent ZIP formats? What about the mode of 7zip etc.?) But I found no 
Python modules for either.

http://www.amk.ca/python/code/gpg just calls into an external gpg 
installation.

Can the functionality of "gpg -c" maybe be fiddled together with PyCrypto
easily? (variable length key/pwd only - no public key stuff required)

And what about ZIP password-only encryption itself? Are there maybe any 
usable improvements?

And: when there are many files encrypted with the same password (both 
PGP and ZIP), will this decrease the strength of encryption?

Robert
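
As an added example (not part of the original post, and not compatible with `gpg -c` or ZIP encryption), the sketch below shows password-only encryption that supports seek and gives every file its own key from one shared password. It assumes only the Python standard library, so HMAC-SHA256 in counter mode stands in for a block cipher such as AES in CTR mode; all function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 32  # bytes of keystream per HMAC-SHA256 call


def derive_key(password: bytes, salt: bytes) -> bytes:
    # A fresh random salt per file gives every file its own key,
    # even when all files share one password.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000, dklen=32)


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    # Counter-mode keystream: block i depends only on (key, nonce, i),
    # so any byte range can be produced without touching earlier data.
    # HMAC-SHA256 stands in for a block cipher such as AES here because
    # the standard library ships none; this is an illustrative assumption.
    first, skip = divmod(offset, BLOCK)
    out = bytearray()
    i = first
    while len(out) < skip + length:
        out += hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        i += 1
    return bytes(out[skip:skip + length])


def xor_at(key: bytes, nonce: bytes, offset: int, data: bytes) -> bytes:
    # Encrypts or decrypts `data` as it sits at `offset` in the file.
    ks = keystream(key, nonce, offset, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def demo():
    password = b"constructed example passphrase"
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)
    plain = bytes(range(256)) * 40  # constructed sample data, 10240 bytes
    cipher = xor_at(key, nonce, 0, plain)
    # Random access: decrypt 100 bytes starting at offset 5000 only.
    window = xor_at(key, nonce, 5000, cipher[5000:5100])
    other_key = derive_key(password, os.urandom(16))
    return window == plain[5000:5100], key != other_key


if __name__ == "__main__":
    print(demo())
```

Overwriting a range in place under the same key and nonce reuses keystream, so an observer holding both versions learns the XOR of the old and new plaintext. The sketch also carries no integrity check, so tampering with the remote copy would go undetected.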


