Fix Chunk Transfer Between Vaults with Different Encryption #118
Description
Problem
Currently, transferring chunks between vaults with different encryption settings can lead to corrupted data:
- AES → Unencrypted: Chunks get transferred but are corrupted.
- Encrypted vaults with different keys: Transfer fails.
Proposed Solution
The correct flow for transferring chunks should be:
- Take the encrypted chunk from the source vault.
- Decrypt it using the source vault’s key.
- Sign the chunk with the sender’s public key.
- Transfer the chunk to the target vault.
- Decrypt/re-encrypt based on the target vault’s encryption settings.
- Store the chunk in the target vault.
Flow Diagram
flowchart LR
subgraph Source Vault
A1[Encrypted Chunk]
A2[Decrypt with Source Key]
A3[Sign with Sender's Public Key]
end
subgraph Transfer
T[Send Chunk to Target Vault]
end
subgraph Target Vault
B1[Receive Chunk]
B2[Decrypt/Encrypt based on Target Vault Settings]
B3[Store Chunk]
end
A1 --> A2 --> A3 --> T --> B1 --> B2 --> B3
Enhanced Multi-Vault Flow
flowchart LR
subgraph Vault A
A1[Encrypted Chunk A1]
A2[Decrypt with Vault A Key]
A3[Sign with Vault A Public Key]
end
subgraph Vault B
B1[Encrypted Chunk B1]
B2[Decrypt with Vault B Key]
B3[Sign with Vault B Public Key]
end
subgraph Vault C
C1[Encrypted Chunk C1]
C2[Decrypt with Vault C Key]
C3[Sign with Vault C Public Key]
end
subgraph Transfer
T1[Send Chunk A1 → Vault B]
T2[Send Chunk B1 → Vault C]
T3[Send Chunk C1 → Vault A]
end
subgraph Target Vault Handling
TA[Vault B: Decrypt/Encrypt & Store Chunk]
TB[Vault C: Decrypt/Encrypt & Store Chunk]
TC[Vault A: Decrypt/Encrypt & Store Chunk]
end
%% Flow connections
A1 --> A2 --> A3 --> T1 --> TA
B1 --> B2 --> B3 --> T2 --> TB
C1 --> C2 --> C3 --> T3 --> TC
Flow Explanation:
- Each vault decrypts and signs its chunks.
- Chunks are transferred to target vaults.
- Receiving vaults decrypt/re-encrypt according to their encryption settings.
- Ensures safe and consistent transfers even with different vault encryption or keys.