Roadmap
- Consider switching the KDF from salted BLAKE2b. Unfortunately, there's basically nothing except HKDF-SHA-2, which is needlessly inefficient. Could use BLAKE3, but that would require another dependency.
- v2 of the signature format should use Ed25519ph for prehashing. It wasn't available in the previous libsodium binding.
- Reconsider random nonces (e.g. for private key encryption).
- Could switch to libsodium's secretstream API for file encryption. This wasn't available in the previous libsodium binding. One may be coming for AEGIS. Or just write a STREAM library, which I should do anyway.
- Support more recipients/change the key wrap header approach.
- Remove free space from the file metadata header.
- Consider ASCII armour/Minisign style detached signature files.
- Will need to eventually switch to post-quantum asymmetric primitives - KEM and signing. This requires waiting for further analysis and library support (likely years). The UX will be terrible.
- Consider supporting unencrypted private keys for non-interactive use cases.
- Support non-detached signatures?
- Confirm
y/n
before-o|--overwrite
? - Do a progress bar like Docker?
- Consider supporting YubiKeys via the .NET YubiKey SDK. I don't currently have a YubiKey to test anything, I don't want to buy a YubiKey because I have no use for one, and this is not trivial to implement.
- Have a
trusted
folder for public keys, with separate files or folders for encryption/signing? No idea what the UX would be.
Last modified 5mo ago