File encryption built into IPFS?

From @mattseh on Mon May 09 2016 17:29:57 GMT+0000 (UTC)

Hi,

I googled around for this, but didn’t find anything: Are there plans to allow adding and getting of ipfs objects with transparent encryption of the data by IPFS?

For example: “ipfs add file.txt --password=abc” “ipfs get --password=abc”


Copied from original issue: https://github.com/ipfs/faq/issues/116

From @lidel on Tue May 10 2016 07:17:28 GMT+0000 (UTC)

You can use external tools to achieve it: write a wrapper script that encrypts a file before adding it to IPFS.

Basic symmetrical encryption from your example can be done via openssl, for example:

# encrypt
openssl aes-256-cbc -salt -in plain.txt -out encrypted.txt

# decrypt
openssl aes-256-cbc -d -in encrypted.txt -out decrypted.txt

For asymmetrical use gpg.

Follow Unix philosophy “Do One Thing and Do It Well”.
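
The wrapper-script approach from the reply above, as an added example that is not part of the original thread. It assumes OpenSSL 1.1.1 or later and the `ipfs` CLI on the PATH; the `IPFS_PASS` variable, the iteration count and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: encrypt-then-add wrapper for the ipfs CLI.
# Assumption: the passphrase is exported as IPFS_PASS (a name chosen here), so it
# stays out of argv, shell history and `ps`, unlike a --password=abc flag.
CIPHER=aes-256-cbc   # cipher used in the thread's openssl commands
ITER=200000          # PBKDF2 iteration count, chosen for this example

# stdin plaintext -> stdout ciphertext. -salt randomises the derived key and IV;
# -pbkdf2 replaces openssl's weak legacy passphrase-to-key derivation.
encrypt_stream() {
    : "${IPFS_PASS:?export IPFS_PASS first}"
    openssl enc "-$CIPHER" -salt -pbkdf2 -iter "$ITER" -pass env:IPFS_PASS
}

# stdin ciphertext -> stdout plaintext; parameters must match encrypt_stream.
decrypt_stream() {
    : "${IPFS_PASS:?export IPFS_PASS first}"
    openssl enc -d "-$CIPHER" -pbkdf2 -iter "$ITER" -pass env:IPFS_PASS
}

# Encrypt to a temp file first so a failed encryption is never published,
# then print only the resulting IPFS hash (-Q).
ipfs_add_encrypted() {
    tmp=$(mktemp) || return 1
    if encrypt_stream < "$1" > "$tmp"; then
        ipfs add -Q "$tmp" && rc=0 || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Fetch the ciphertext by hash, then decrypt it to stdout.
ipfs_cat_decrypted() {
    tmp=$(mktemp) || return 1
    if ipfs cat "$1" > "$tmp"; then
        decrypt_stream < "$tmp" && rc=0 || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

case "${1:-}" in
    add) ipfs_add_encrypted "$2" ;;
    get) ipfs_cat_decrypted "$2" ;;
esac
```

Because the salt is random, adding the same file twice produces two different ciphertexts and therefore two different IPFS hashes, so deduplication is lost. `openssl enc` in CBC mode does not authenticate the ciphertext, so integrity rests on fetching by a hash you trust.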

From @bronger on Fri Jun 10 2016 17:37:07 GMT+0000 (UTC)

But the IPFS whitepaper mentions “object-level cryptography”. Has this plan been dropped?

From @Kubuxu on Fri Jun 10 2016 18:27:25 GMT+0000 (UTC)

No, it hasn’t; it is generally written down as keystore, see: https://github.com/ipfs/specs/tree/master/keystore

As it depends on IPLD and keychain (where the latter hasn’t been touched yet as it also depends on IPLD) it will be some time until it is usable.

Just wanted to know if there are any updates on object encryption baked into ipfs?

I don’t know if you take it into account:

1 - Ideally nobody should be able to inspect anything in his local (or remote) IPFS storage unless he provides the IPFS address.

2 - This means that the content should be encrypted by default. Otherwise privacy will be compromised.

3 - Encryption/decryption of the content in the storage, that addresses the previous points, can be done transparently using IPFS hashes with some additional layer. This layer could provide symmetrical transparent encryption/decryption without breaking compatibility with previous versions of IPFS.

What is the philosophy of IPFS around these points? I think that hashing can/should be used not only for content addressing but also for privacy, since only the ones who know the IPFS address should be able to access it.

Am I right? Can it be done? Is it done already?