Module asuran::repository[−][src]

Expand description

The repository imeplements a low-level key-value store, upon which all higher level structures in asuran are built.

The repository stores individual chunks, arrays of bytes, that can be compressed and encrypted. Chunks are addressed by their key, which, with the exception of the repository manifest, is derived from an HMAC of the plain text of the chunk.

Asuran repositories currently only operate in append only mode

Encryption and Compression

Encryption and compression algorthims can be swapped out on a chunk by chunk basis, with Encryption::NoEncryption and Compression::NoCompression providing pass through modes for those who do not wish to use those features.

Authentication

Asuran uses Hash based Method Authentication Codes (HMAC), with swappable hash algorithims, for both deduplicating and ensuring data integrety.

The hash algorhtim used for the HMAC can also be changed out on a chunk by chunk basis, though this would not be wise to do. As deduplication is perfomed based on plaintext HMAC, this would severely compromise the effectiveness of deduplicaiton.

While the hash algrorithim used for HMAC can be swapped out, unlike the ones for encryption and compression, it can not be turned off. Asuran always verifies the intergety of the data.

Deduplication

The deduplication strategy in asuran is straight foward. Each chunk is stored in the repository with the hash of its plaintext as its key. As the hash function used is a cryptographically secure HMAC, we can be sure within the limits of reason that if two chunks have the same key, they have the same data, and if they have the same data, then they have the same key.

Asuran will not write a chunk whose key already exists in the repository, effectivly preventing the storage of duplicate chunks.