From 5491e2f59e8b011fbf863a2f652a22f250a12285 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Fri, 29 Jan 2021 08:06:09 +0200
Subject: doc: add outline of encryption verification scenarios

This is about the minimal set of scenarios to verify that Obnam has
some form of encryption, however simplistic. This will form a start on
which to base future work, even if that may eventually end up changing
everything.

Even the longest journey starts with a single step.
---
 obnam.md | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/obnam.md b/obnam.md
index accfca2..e81989b 100644
--- a/obnam.md
+++ b/obnam.md
@@ -1039,11 +1039,51 @@ given a manifest of the directory live restored in rest in rest.yaml
 then files second.yaml and rest.yaml match
 ~~~
 
+# Acceptance criteria for backup encryption
 
+This chapter outlines scenarios, to be implemented later, for
+verifying that Obnam properly encrypts the backups. These scenarios
+verify only encryption aspects of Obnam.
+
+## Backup without passphrase fails
+
+Verify that trying to backup without having set a passphrase fails
+with an error message that clearly identifies the lack of a
+passphrase.
+
+## A passphrase can be set
+
+Set a passphrase. Verify that it's stored in a file that is only
+readable by it owner. Verify that a backup can be made.
+
+## A passphrase stored insecurely is rejected
+
+Verify that a backup fails if the file where the passphrase is stored
+is readable by anyone but its owner. Verify that the error message
+explains that the backup failed due to the passphrase file insecurity.
+
+## The passphrase can be changed
+
+Verify that the passphrase can be changed and that backups made before
+the change can no longer be restored. (Later, this requirement will be
+re-evaluated, but this is simple and gets us started.)
+
+## The passphrase is not on server in cleartext
+
+Verify that after the passphrase has been set, and a backup has been
+made, the passphrase is not stored in cleartext on the server.
+
+## A backup is encrypted
+
+Verify that the backup repository does not contain the backed up data
+in cleartext.
 
 
 <!-- -------------------------------------------------------------------- -->
 
+# Colophon
+
+This manual is edited in Markdown and typeset using [Subplot][].
 
 ---
 title: "Obnam2&mdash;a backup system"
-- 
cgit v1.2.1