Wishlist / reminders for a new protocol format

[felixfontein]

This issue is to keep track of things that should be changed / improved when we want to update SOPS's encrypted file format.

• MAC:

  • Do not ignore null values: MAC is not changed when add null values in yaml file #828
  • Include keys in MAC computation to avoid problem described in Question: How to manage merge conflicts with MAC signature #52 (comment)

• Encrypted data:

  • Add padding to not fully reveal the length of the clear text data (Encrypted data reveal the length of the clear text data #815)
  • Eventually even encrypt null: MAC is not changed when add null values in yaml file #828 (comment)
  • Use protobuf instead of own format: Encrypted data reveal the length of the clear text data #815 (comment)

[felixfontein]

Round-trip safe presentation of data, like getting back 1.10, 0x1_5, etc. after decryption when that was the input value. There's always the question of how far this can and should go, like preserving other YAML properties (tags, flow style, whether strings use quoting, what kind of quoting, multiline string representation, etc.).

Ref: #1616 (comment)