mirror of
https://github.com/samvallad33/vestige.git
synced 2026-07-02 22:01:01 +02:00
The portable archive is encrypted on the client before upload and decrypted after download, so the hosted service only ever stores ciphertext — true zero-knowledge. The passphrase (VESTIGE_CLOUD_ENCRYPTION_KEY) is independent of the bearer sync key and never leaves the device.

- new cloud_crypto module: Argon2id KDF + XChaCha20-Poly1305 AEAD, self-describing envelope (MAGIC|version|salt|nonce|ciphertext+tag)
- HttpPortableSyncBackend encrypts on write / decrypts on read; transparent upgrade of legacy plaintext archives; clear error if remote is encrypted but no passphrase is set
- sync_portable_archive_cloud takes optional encryption_key
- CLI surfaces encryption status (on/off) on sync
- 6 crypto tests (roundtrip, wrong-key, tamper detection, non-determinism, envelope detection); E2E verified: server blob is ciphertext, passphrase device recovers, no-passphrase device cannot decrypt

491 core tests green, clippy -D warnings clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
||
|---|---|---|
| .. | ||
| advanced | ||
| codebase | ||
| connectors | ||
| consolidation | ||
| embedder | ||
| embeddings | ||
| fsrs | ||
| memory | ||
| neuroscience | ||
| search | ||
| storage | ||
| config.rs | ||
| fts.rs | ||
| lib.rs | ||