Protobuf does not support this

On Friday, February 19, 2016 at 3:57:10 PM UTC-8, Eric Anderson wrote:
>
> Is anyone aware of a library / wrapper for working with encrypted and/or 
> signed data in protobufs (or other similar message description & 
> serialization tools)?
>
> I keep finding myself dealing with messages where all or part of the 
> message is encrypted, like so:
>
> message ThisIsCleartext {
>     optional SomeUnencryptedStuff bar = 1;
>     optional bytes cyphertext = 2;
> }
> message ThisIsEncrypted {
>     optional SomethingSensitive baz = 1;
>     optional SomethingElse quux = 2;
>     // etc.
> }
>
> I’d build them like so:
>
> a = ThisIsEncrypted()
> a.baz = something
> a.quux = something_else
>
> a_str = a.SerializeToString()
> a_enc = SomeEncryptionFunction(a_str, key)
>
> b = ThisIsCleartext()
> b.bar = whatever
> b.cyphertext = a_enc
>
> (Plus some boilerplate like nonces, tags for what cryptosystem is used, 
> etc.)
>
> To access the data, the process is reversed: Access the cleartext protobuf 
> b, pull out the cyphertext as a string/byte array, decrypt it separately, 
> then parse that string to get the (formerly) encrypted protobuf message a.
>
> This works fine, but it’s not particularly elegant, and nothing enforces 
> that bytes cyphertext is actually what it’s supposed to be: an encrypted 
> representation of a ThisIsEncrypted.
>
> Do you know of something better? In my fantasy world, I’d be able to write 
> something like:
>
> message Foo {
>     optional SomeUnencryptedStuff bar = 1;
>     encrypted (cipher_spec) c {
>         optional SomethingSensitive baz = 3;
>         optional SomethingElse quux = 4;
>     }
> }
>
> and access it like:
>
> a = Foo()
> a.bar = this
> a.c.baz = that
> a.c.quux = the other thing
>
> msg = a.SerializeToString()  ## Whoops!  That's BS.  Not encrypted.  Throws an error
>
> a.c.Encrypt(some parameters, some keys, some nonces, whatevs)
> msg = a.SerializeToString()  ## Ok, that works.  a.c contains the cyphertext and tags and stuff
>
> b = Foo()
> b.ParseString(msg)
> print b.c.baz  ## Whoops! Can't access encrypted data
> b.c.Decrypt(some keys)
> print b.c.baz  ## ok
>
> Is there anything like that out there? If not, are there any obvious 
> barriers to implementing it?  Does this seem useful to other people?
>
>
> Cheers,
>
> Eric
>
>
> (pardon any formatting weirdness, I tried to keep the syntax highlighting 
> from https://gist.github.com/ewa/513a87ae1b1b7868d62a here).
>
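
Added example, not part of the original thread or of protobuf itself: one way to close the gap the question points out (nothing ties the cyphertext bytes to ThisIsEncrypted) is to put the inner message type and cipher tag into the AEAD associated data. It assumes the third-party Python "cryptography" package; Envelope, seal, open_as and CIPHER_SPEC are hypothetical names, and inner_bytes stands for the output of a.SerializeToString().

```python
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CIPHER_SPEC = "AES-256-GCM"  # assumed tag for "what cryptosystem is used"


@dataclass
class Envelope:
    """Stand-in for ThisIsCleartext plus the boilerplate fields (nonce, tags)."""
    bar: bytes         # unencrypted part, authenticated but not hidden
    cipher_spec: str
    inner_type: str    # advisory only, e.g. "ThisIsEncrypted"
    nonce: bytes
    cyphertext: bytes


def _aad(cipher_spec: str, inner_type: str, bar: bytes) -> bytes:
    # Length-prefix each field so different (spec, type, bar) triples
    # can never produce the same associated-data string.
    parts = [cipher_spec.encode(), inner_type.encode(), bar]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def seal(key: bytes, inner_type: str, inner_bytes: bytes, bar: bytes = b"") -> Envelope:
    nonce = os.urandom(12)  # 96-bit nonce; must never repeat under one key
    aad = _aad(CIPHER_SPEC, inner_type, bar)
    ct = AESGCM(key).encrypt(nonce, inner_bytes, aad)
    return Envelope(bar, CIPHER_SPEC, inner_type, nonce, ct)


def open_as(key: bytes, env: Envelope, expected_type: str) -> bytes:
    """Return the serialized inner message, or raise ValueError."""
    if env.cipher_spec != CIPHER_SPEC:
        raise ValueError("unsupported cipher_spec")
    # The AAD is rebuilt from the type the caller expects, not from
    # env.inner_type, so a cyphertext sealed as another type cannot verify.
    aad = _aad(env.cipher_spec, expected_type, env.bar)
    try:
        return AESGCM(key).decrypt(env.nonce, env.cyphertext, aad)
    except InvalidTag:
        raise ValueError("wrong key, wrong type, or tampered envelope") from None
```

The bytes returned by open_as are what the caller would then parse as the expected message class; a failed check means the parse step is never reached.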
