This special field allows to declare a set of fields as confidential, meaning they contain sensible information such as passwords or secrets. Its usage is:
%confidential: field1 field2 ... fieldN
The list of field names are separated by one or more blank characters.
There can be several
%confidential fields in the same record
descriptor, the effective list of confidential fields being the union
of all the entries.
Declaring a field as confidential indicates that its contents must not be stored in plain text, but encrypted with a password-based mechanism. When the information is retrieved from the database the confidential fields are unencrypted if the correct password is provided. Likewise, when information is inserted in the database the confidential fields are encrypted with some given password.
For example, consider a database of users of some service. For each
user we want to store a name, a login name, an email address and a
password. All this information is public with the obvious exception
of the password. Thus we declare the
Password field as
confidential in the corresponding record descriptor:
%rec: Account %type: Name line %type: Login line %type: Email email %confidential: Password
The rec format does not impose the usage of a specific encryption algorithm, but requires that:
encrypted-followed by the encrypted data.
The above rules assure that it is possible to determine whether a given field is encrypted. For example, the following is an excerpt from the account database described above. It contains an entry with the password encrypted and another with the password unencrypted:
Name: Mr. Foo Login: foo Email: email@example.com Password: encrypted-AAABBBCCDDDEEEFFF Name: Mr. Bar Login: bar Email: firstname.lastname@example.org Password: secret
Unencrypted confidential fields are considered a data integrity error,
and utilities like
recfix will report it. The same utility can
be used to “fix” the database by massively encripting any
Nothing prevents the usage of several passwords in the same database. This allows the establishment of several level of securities or security profiles. For example, we may want to store different passwords for different online services:
%rec: Account %confidential: WebPassword ShellPassword
We could then encrypt WebPassword entries using a password shared among all the webmasters, and the ShellPassword entries with a more restricted password available only to the administrator of the machine.
The GNU recutils fully support encypted fields. See the documentation
recfix for details on how
to operate on files containing confidential fields.