I think that is not necessarily true. How about the following sequence?
A) Saving data
--------------
1) You connect to the server with an ssh kind of connection --> Data between
client and your server is encrypted.
2) You transfer some data to the application over the ssh-secured crypto
pipe to the subversion crypto-plugin.
3) Subversion crypto-plugin encrypts the data immediately with your
asymmetric public key to the server's database. (Data can be decrypted
only with your private key)
B) Retrieving data
------------------
1) You connect to the server with an ssh kind of connection --> Data between
client and your server is encrypted.
2) You pass your private key to the subversion plugin over the ssh-secured
crypto pipe (i.e. only the subversion plugin can receive information from your
private key)
3) Subversion crypto plugin encrypts the data on the server by using
your private key and sends it to you over the ssh-secured pipe
Mika
Jerry Haltom wrote:
> I suppose basic cryptography comes into play here. If the encrypted data
> exists on a box, and the box must read from that data, as it would have
> to in order to access it, then understandably the key itself must exist
> on the system. Accordingly, somebody who owns the system has access to
> all of that. End of story!
>
Received on Mon Aug 11 19:38:59 2003