I would be interested in this mainly for the "prove that files have not been modified" aspect - I'm only not interested in the other components because my delete + read keys live offline. Otherwise, I could also see a use-case for that :)
On Wed, 07 Sep 2016, Colin Percival wrote: > Hi all, > > Tarsnap is designed to detect if your data is modified: Archives are > cryptographically signed, and the signatures are verified before any > data is extracted. However, this depends on the integrity of the key: > If someone has your delete and write keys, they could delete an archive > and create a new one with the same name, and (since they have the keys) > it would cryptographically validate. > > It occurs to me that we could have a stronger unforgeability property > via out-of-band (non-cryptographic) verification of the archive metadata > hash; even with the keys, it would be impossible to create a different > archive which has the same hash (unless you find a SHA256 collision). In > addition to the "stolen keys" scenario, this could be useful if you need > to prove (e.g., for auditing or legal purposes) that *you* haven't changed > an archive since the time when you created it. > > Is anyone interested in having this functionality? It seems like too > obscure a use case to write code for if nobody wants it yet, but if there's > a demand then it's definitely doable. > > -- > Colin Percival > Security Officer Emeritus, FreeBSD | The power to serve > Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid